chore(🦾): bump python python-dotenv 1.1.0 -> 1.1.1

2026-05-17 13:55:15 +00:00 · 2025-07-28 19:12:51 +00:00
5441 changed files with 230515 additions and 747255 deletions
--- a/.asf.yaml
+++ b/.asf.yaml
@@ -24,9 +24,7 @@ notifications:
  discussions: notifications@superset.apache.org
 github:
-  pull_requests:
+  del_branch_on_merge: true
    del_branch_on_merge: true
    allow_update_branch: true
  description: "Apache Superset is a Data Visualization and Data Exploration Platform"
  homepage: https://superset.apache.org/
  labels:
@@ -85,7 +83,6 @@ github:
          - cypress-matrix (5, chrome)
          - dependency-review
          - frontend-build
          - playwright-tests (chromium)
          - pre-commit (current)
          - pre-commit (previous)
          - test-mysql
--- a/.claude/commands/js-to-ts.md
+++ b/.claude/commands/js-to-ts.md
@@ -1,10 +0,0 @@
 # JavaScript to TypeScript Migration Command
 ## Usage
 ```
 /js-to-ts <core-filename>
 ```
 - `<core-filename>` - Path to CORE file relative to `superset-frontend/` (e.g., `src/utils/common.js`, `src/middleware/loggerMiddleware.js`)
 ## Agent Instructions
 **See:** [../projects/js-to-ts/AGENT.md](../projects/js-to-ts/AGENT.md) for complete migration guide.
--- a/.claude/projects/js-to-ts/AGENT.md
+++ b/.claude/projects/js-to-ts/AGENT.md
@@ -1,684 +0,0 @@
 # JavaScript to TypeScript Migration Agent Guide
 **Complete technical reference for converting JavaScript/JSX files to TypeScript/TSX in Apache Superset frontend.**
 **Agent Role:** Atomic migration unit - migrate the core file + ALL related tests/mocks as one cohesive unit. Use `git mv` to preserve history, NO `git commit`. NO global import changes. Report results upon completion.
 ---
 ## 🎯 Migration Principles
 1. **Atomic migration units** - Core file + all related tests/mocks migrate together
 2. **Zero `any` types** - Use proper TypeScript throughout
 3. **Leverage existing types** - Reuse established definitions
 4. **Type inheritance** - Derivatives extend base component types
 5. **Strategic placement** - File types for maximum discoverability
 6. **Surgical improvements** - Enhance existing types during migration
 ---
 ## Step 0: Dependency Check (MANDATORY)
 **Command:**
 ```bash
 grep -E "from '\.\./.*\.jsx?'|from '\./.*\.jsx?'|from 'src/.*\.jsx?'" superset-frontend/{filename}
 ```
 **Decision:**
 - ✅ No matches → Proceed with atomic migration (core + tests + mocks)
 - ❌ Matches found → EXIT with dependency report (see format below)
 ---
 ## Step 1: Identify Related Files (REQUIRED)
 **Atomic Migration Scope:**
 For core file `src/utils/example.js`, also migrate:
 - `src/utils/example.test.js` / `src/utils/example.test.jsx`
 - `src/utils/example.spec.js` / `src/utils/example.spec.jsx`
 - `src/utils/__mocks__/example.js`
 - Any other related test/mock files found by pattern matching
 **Find all related test and mock files:**
 ```bash
 # Pattern-based search for related files
 basename=$(basename {filename} .js)
 dirname=$(dirname superset-frontend/{filename})
 # Find test files
 find "$dirname" -name "${basename}.test.js" -o -name "${basename}.test.jsx"
 find "$dirname" -name "${basename}.spec.js" -o -name "${basename}.spec.jsx"
 # Find mock files  
 find "$dirname" -name "__mocks__/${basename}.js"
 find "$dirname" -name "${basename}.mock.js"
 ```
 **Migration Requirement:** All discovered related files MUST be migrated together as one atomic unit.
 **Test File Creation:** If NO test files exist for the core file, CREATE a minimal test file using the following pattern:
 - Location: Same directory as core file
 - Name: `{basename}.test.ts` (e.g., `DebouncedMessageQueue.test.ts`)
 - Content: Basic test structure importing and testing the main functionality
 - Use proper TypeScript types in test file
 ---
 ## 🗺️ Type Reference Map
 ### From `@superset-ui/core`
 ```typescript
 // Data & Query
 QueryFormData, QueryData, JsonObject, AnnotationData, AdhocMetric
 LatestQueryFormData, GenericDataType, DatasourceType, ExtraFormData
 DataMaskStateWithId, NativeFilterScope, NativeFiltersState, NativeFilterTarget
 // UI & Theme  
 FeatureFlagMap, LanguagePack, ColorSchemeConfig, SequentialSchemeConfig
 ```
 ### From `@superset-ui/chart-controls`
 ```typescript
 Dataset, ColumnMeta, ControlStateMapping
 ```
 ### From Local Types (`src/types/`)
 ```typescript
 // Authentication
 User, UserWithPermissionsAndRoles, BootstrapUser, PermissionsAndRoles
 // Dashboard
 Dashboard, DashboardState, DashboardInfo, DashboardLayout, LayoutItem
 ComponentType, ChartConfiguration, ActiveFilters
 // Charts
 Chart, ChartState, ChartStatus, ChartLinkedDashboard, Slice, SaveActionType
 // Data
 Datasource, Database, Owner, Role
 // UI Components
 TagType, FavoriteStatus, Filter, ImportResourceName
 ```
 ### From Domain Types
 ```typescript
 // src/dashboard/types.ts
 RootState, ChartsState, DatasourcesState, FilterBarOrientation
 ChartCrossFiltersConfig, ActiveTabs, MenuKeys
 // src/explore/types.ts  
 ExplorePageInitialData, ExplorePageState, ExploreResponsePayload, OptionSortType
 // src/SqlLab/types.ts
 [SQL Lab specific types]
 ```
 ---
 ## 🏗️ Type Organization Strategy
 ### Type Placement Hierarchy
 1. **Component-Colocated** (90% of cases)
   ```typescript
   // Same file as component
   interface MyComponentProps {
     title: string;
     onClick: () => void;
   }
   ```
 2. **Feature-Shared**
   ```typescript
   // src/[domain]/components/[Feature]/types.ts
   export interface FilterConfiguration {
     filterId: string;
     targets: NativeFilterTarget[];
   }
   ```
 3. **Domain-Wide**
   ```typescript
   // src/[domain]/types.ts
   export interface ExploreFormData extends QueryFormData {
     viz_type: string;
   }
   ```
 4. **Global**
   ```typescript
   // src/types/[TypeName].ts
   export interface ApiResponse<T> {
     result: T;
     count?: number;
   }
   ```
 ### Type Discovery Commands
 ```bash
 # Search existing types before creating
 find superset-frontend/src -name "types.ts" -exec grep -l "[TypeConcept]" {} \;
 grep -r "interface.*Props\|type.*Props" superset-frontend/src/
 ```
 ### Derivative Component Patterns
 **Rule:** Components that extend others should extend their type interfaces.
 ```typescript
 // ✅ Base component type
 interface SelectProps {
  value: string | number;
  options: SelectOption[];
  onChange: (value: string | number) => void;
  disabled?: boolean;
 }
 // ✅ Derivative extends base
 interface ChartSelectProps extends SelectProps {
  charts: Chart[];
  onChartSelect: (chart: Chart) => void;
 }
 // ✅ Derivative with modified props  
 interface DatabaseSelectProps extends Omit<SelectProps, 'value' | 'onChange'> {
  value: number;  // Narrowed type
  onChange: (databaseId: number) => void;  // Specific signature
 }
 ```
 **Common Patterns:**
 - **Extension:** `extends BaseProps` - adds new props
 - **Omission:** `Omit<BaseProps, 'prop'>` - removes props
 - **Modification:** `Omit<BaseProps, 'prop'> & { prop: NewType }` - changes prop type
 - **Restriction:** Override with narrower types (union → specific)
 ---
 ## 📋 Migration Recipe
 ### Step 2: File Conversion
 ```bash
 # Use git mv to preserve history
 git mv component.js component.ts
 git mv Component.jsx Component.tsx
 ```
 ### Step 3: Import & Type Setup
 ```typescript
 // Import order (enforced by linting)
 import { FC, ReactNode } from 'react';
 import { JsonObject, QueryFormData } from '@superset-ui/core';
 import { Dataset } from '@superset-ui/chart-controls';
 import type { Dashboard } from 'src/types/Dashboard';
 ```
 ### Step 4: Function & Component Typing
 ```typescript
 // Functions with proper parameter/return types
 export function processData(
  data: Dataset[],
  config: JsonObject
 ): ProcessedData[] {
  // implementation
 }
 // Component props with inheritance
 interface ComponentProps extends BaseProps {
  data: Chart[];
  onSelect: (id: number) => void;
 }
 const Component: FC<ComponentProps> = ({ data, onSelect }) => {
  // implementation
 };
 ```
 ### Step 5: State & Redux Typing
 ```typescript
 // Hooks with specific types
 const [data, setData] = useState<Chart[]>([]);
 const [selected, setSelected] = useState<number | null>(null);
 // Redux with existing RootState
 const mapStateToProps = (state: RootState) => ({
  charts: state.charts,
  user: state.user,
 });
 ```
 ---
 ## 🧠 Type Debugging Strategies (Real-World Learnings)
 ### The Evolution of Type Approaches
 When you hit type errors, follow this debugging evolution:
 #### 1. ❌ Idealized Union Types (First Attempt)
 ```typescript
 // Looks clean but doesn't match reality
 type DatasourceInput = Datasource | QueryEditor;
 ```
 **Problem**: Real calling sites pass variations, not exact types.
 #### 2. ❌ Overly Precise Types (Second Attempt)
 ```typescript
 // Tried to match exact calling signatures
 type DatasourceInput =
  | IDatasource  // From DatasourcePanel
  | (QueryEditor & { columns: ColumnMeta[] });  // From SaveQuery
 ```
 **Problem**: Too rigid, doesn't handle legacy variations.
 #### 3. ✅ Flexible Interface (Final Solution)
 ```typescript
 // Captures what the function actually needs
 interface DatasourceInput {
  name?: string | null;  // Allow null for compatibility
  datasource_name?: string | null;  // Legacy variations
  columns?: any[];  // Multiple column types accepted
  database?: { id?: number };
  // ... other optional properties
 }
 ```
 **Success**: Works with all calling sites, focuses on function needs.
 ### Type Debugging Process
 1. **Start with compilation errors** - they show exact mismatches
 2. **Examine actual usage** - look at calling sites, not idealized types  
 3. **Build flexible interfaces** - capture what functions need, not rigid contracts
 4. **Iterate based on downstream validation** - let calling sites guide your types
 ---
 ## 🚨 Anti-Patterns to Avoid
 ```typescript
 // ❌ Never use any
 const obj: any = {};
 // ✅ Use proper types
 const obj: Record<string, JsonObject> = {};
 // ❌ Don't recreate base component props
 interface ChartSelectProps {
  value: string;     // Duplicated from SelectProps
  onChange: () => void;  // Duplicated from SelectProps
  charts: Chart[];   // New prop
 }
 // ✅ Inherit and extend
 interface ChartSelectProps extends SelectProps {
  charts: Chart[];   // Only new props
 }
 // ❌ Don't create ad-hoc type variations
 interface UserInfo {
  name: string;
  email: string;
 }
 // ✅ Extend existing types (DRY principle)
 import { User } from 'src/types/bootstrapTypes';
 type UserDisplayInfo = Pick<User, 'firstName' | 'lastName' | 'email'>;
 // ❌ Don't create overly rigid unions
 type StrictInput = ExactTypeA | ExactTypeB;
 // ✅ Create flexible interfaces for function parameters
 interface FlexibleInput {
  // Focus on what the function actually needs
  commonProperty: string;
  optionalVariations?: any;  // Allow for legacy variations
 }
 ```
 ## 📍 DRY Type Guidelines (WHERE TYPES BELONG)
 ### Type Placement Rules
 **CRITICAL**: Type variations must live close to where they belong, not scattered across files.
 #### ✅ Proper Type Organization
 ```typescript
 // ❌ Don't create one-off interfaces in utility files
 // src/utils/datasourceUtils.ts
 interface DatasourceInput { /* custom interface */ }  // Wrong!
 // ✅ Use existing types or extend them in their proper domain
 // src/utils/datasourceUtils.ts
 import { IDatasource } from 'src/explore/components/DatasourcePanel';
 import { QueryEditor } from 'src/SqlLab/types';
 // Create flexible interface that references existing types
 interface FlexibleDatasourceInput {
  // Properties that actually exist across variations
 }
 ```
 #### Type Location Hierarchy
 1. **Domain Types**: `src/{domain}/types.ts` (dashboard, explore, SqlLab)
 2. **Component Types**: Co-located with components  
 3. **Global Types**: `src/types/` directory
 4. **Utility Types**: Only when they truly don't belong elsewhere
 #### ✅ DRY Type Patterns
 ```typescript
 // ✅ Extend existing domain types
 interface SaveQueryData extends Pick<QueryEditor, 'sql' | 'dbId' | 'catalog'> {
  columns: ColumnMeta[];  // Add what's needed
 }
 // ✅ Create flexible interfaces for cross-domain utilities
 interface CrossDomainInput {
  // Common properties that exist across different source types
  name?: string | null;  // Accommodate legacy null values
  // Only include properties the function actually uses
 }
 ```
 ---
 ## 🎯 PropTypes Auto-Generation (Elegant Approach)
 **IMPORTANT**: Superset has `babel-plugin-typescript-to-proptypes` configured to automatically generate PropTypes from TypeScript interfaces. Use this instead of manual PropTypes duplication!
 ### ❌ Manual PropTypes Duplication (Avoid This)
 ```typescript
 export interface MyComponentProps {
  title: string;
  count?: number;
 }
 // 8+ lines of manual PropTypes duplication 😱
 const propTypes = PropTypes.shape({
  title: PropTypes.string.isRequired,
  count: PropTypes.number,
 });
 export default propTypes;
 ```
 ### ✅ Auto-Generated PropTypes (Use This)
 ```typescript
 import { InferProps } from 'prop-types';
 export interface MyComponentProps {
  title: string;
  count?: number;
 }
 // Single validator function - babel plugin auto-generates PropTypes! ✨
 export default function MyComponentValidator(props: MyComponentProps) {
  return null; // PropTypes auto-assigned by babel-plugin-typescript-to-proptypes
 }
 // Optional: For consumers needing PropTypes type inference
 export type MyComponentPropsInferred = InferProps<typeof MyComponentValidator>;
 ```
 ### Migration Pattern for Type-Only Files
 **When migrating type-only files with manual PropTypes:**
 1. **Keep the TypeScript interfaces** (single source of truth)
 2. **Replace manual PropTypes** with validator function
 3. **Remove PropTypes imports** and manual shape definitions
 4. **Add InferProps import** if type inference needed
 **Example Migration:**
 ```typescript
 // Before: 25+ lines with manual PropTypes duplication
 export interface AdhocFilterType { /* ... */ }
 const adhocFilterTypePropTypes = PropTypes.oneOfType([...]);
 // After: 3 lines with auto-generation
 export interface AdhocFilterType { /* ... */ }
 export default function AdhocFilterValidator(props: { filter: AdhocFilterType }) {
  return null; // Auto-generated PropTypes by babel plugin
 }
 ```
 ### Component PropTypes Pattern
 **For React components, the babel plugin works automatically:**
 ```typescript
 interface ComponentProps {
  title: string;
  onClick: () => void;
 }
 const MyComponent: FC<ComponentProps> = ({ title, onClick }) => {
  // Component implementation
 };
 // PropTypes automatically generated by babel plugin - no manual work needed!
 export default MyComponent;
 ```
 ### Auto-Generation Benefits
 - ✅ **Single source of truth**: TypeScript interfaces drive PropTypes
 - ✅ **No duplication**: Eliminate 15-20 lines of manual PropTypes code
 - ✅ **Automatic updates**: Changes to TypeScript automatically update PropTypes
 - ✅ **Type safety**: Compile-time checking ensures PropTypes match interfaces
 - ✅ **Backward compatibility**: Existing JavaScript components continue working
 ### Babel Plugin Configuration
 The plugin is already configured in `babel.config.js`:
 ```javascript
 ['babel-plugin-typescript-to-proptypes', { loose: true }]
 ```
 **No additional setup required** - just use TypeScript interfaces and the plugin handles the rest!
 ---
 ## 🧪 Test File Migration Patterns
 ### Test File Priority
 - **Always migrate test files** alongside production files
 - **Test files are often leaf nodes** - good starting candidates
 - **Create tests if missing** - Leverage new TypeScript types for better test coverage
 ### Test-Specific Type Patterns
 ```typescript
 // Mock interfaces for testing
 interface MockStore {
  getState: () => Partial<RootState>;  // Partial allows minimal mocking
 }
 // Type-safe mocking for complex objects
 const mockDashboardInfo: Partial<DashboardInfo> as DashboardInfo = {
  id: 123,
  json_metadata: '{}',
 };
 // Sinon stub typing
 let postStub: sinon.SinonStub;
 beforeEach(() => {
  postStub = sinon.stub(SupersetClient, 'post');
 });
 // Use stub reference instead of original method
 expect(postStub.callCount).toBe(1);
 expect(postStub.getCall(0).args[0].endpoint).toMatch('/api/');
 ```
 ### Test Migration Recipe
 1. **Migrate production file first** (if both need migration)
 2. **Update test imports** to point to `.ts/.tsx` files
 3. **Add proper mock typing** using `Partial<T> as T` pattern
 4. **Fix stub typing** - Use stub references, not original methods
 5. **Verify all tests pass** with TypeScript compilation
 ---
 ## 🔧 Type Conflict Resolution
 ### Multiple Type Definitions Issue
 **Problem**: Same type name defined in multiple files causes compilation errors.
 **Example**: `DashboardInfo` defined in both:
 - `src/dashboard/reducers/types.ts` (minimal)
 - `src/dashboard/components/Header/types.ts` (different shape)  
 - `src/dashboard/types.ts` (complete - used by RootState)
 ### Resolution Strategy
 1. **Identify the authoritative type**:
   ```bash
   # Find which type is used by RootState/main interfaces
   grep -r "DashboardInfo" src/dashboard/types.ts
   ```
 2. **Use import from authoritative source**:
   ```typescript
   // ✅ Import from main domain types
   import { RootState, DashboardInfo } from 'src/dashboard/types';
   // ❌ Don't import from component-specific files
   import { DashboardInfo } from 'src/dashboard/components/Header/types';
   ```
 3. **Mock complex types in tests**:
   ```typescript
   // For testing - provide minimal required fields
   const mockInfo: Partial<DashboardInfo> as DashboardInfo = {
     id: 123,
     json_metadata: '{}',
     // Only provide fields actually used in test
   };
   ```
 ### Type Hierarchy Discovery Commands
 ```bash
 # Find all definitions of a type
 grep -r "interface.*TypeName\|type.*TypeName" src/
 # Find import usage patterns
 grep -r "import.*TypeName" src/
 # Check what RootState uses
 grep -A 10 -B 10 "TypeName" src/*/types.ts
 ```
 ---
 ## Agent Constraints (CRITICAL)
 1. **Use git mv** - Run `git mv file.js file.ts` to preserve git history, but NO `git commit`
 2. **NO global import changes** - Don't update imports across codebase
 3. **Type files OK** - Can modify existing type files to improve/align types
 4. **Single-File TypeScript Validation** (CRITICAL) - tsc has known issues with multi-file compilation:
   - **Core Issue**: TypeScript's `tsc` has documented problems validating multiple files simultaneously in complex projects
   - **Solution**: ALWAYS validate files one at a time using individual `tsc` calls
   - **Command Pattern**: `cd superset-frontend && npx tscw --noEmit --allowJs --composite false --project tsconfig.json {single-file-path}`
   - **Why**: Multi-file validation can produce false positives, miss real errors, and conflict during parallel agent execution
 5. **Downstream Impact Validation** (CRITICAL) - Your migration affects calling sites:
   - **Find downstream files**: `find superset-frontend/src -name "*.tsx" -o -name "*.ts" | xargs grep -l "your-core-filename" 2>/dev/null || echo "No files found"`
   - **Validate each downstream file individually**: `cd superset-frontend && npx tscw --noEmit --allowJs --composite false --project tsconfig.json {each-downstream-file}`
   - **Fix type mismatches** you introduced in calling sites
   - **NEVER ignore downstream errors** - they indicate your types don't match reality
 6. **Avoid Project-Wide Validation During Migration**:
   - **NEVER use `npm run type`** during parallel agent execution - produces unreliable results
   - **Single-file validation is authoritative** - trust individual file checks over project-wide scans
 6. **ESLint validation** - Run `npm run eslint -- --fix {file}` for each migrated file to auto-fix formatting/linting issues
 6. Zero `any` types - use proper TypeScript types
 7. Search existing types before creating new ones
 8. Follow patterns from this guide
 ---
 ## Success Report Format
 ```
 SUCCESS: Atomic Migration of {core-filename}
 ## Files Migrated (Atomic Unit)
 - Core: {core-filename} → {core-filename.ts/tsx}
 - Tests: {list-of-test-files} → {list-of-test-files.ts/tsx} OR "CREATED: {basename}.test.ts"
 - Mocks: {list-of-mock-files} → {list-of-mock-files.ts}
 - Type files modified: {list-of-type-files}
 ## Types Created/Improved
 - {TypeName}: {location} ({scope}) - {rationale}
 - {ExistingType}: enhanced in {location} - {improvement-description}
 ## Documentation Recommendations  
 - ADD_TO_DIRECTORY: {TypeName} - {reason}
 - NO_DOCUMENTATION: {TypeName} - {reason}
 ## Quality Validation
 - **Single-File TypeScript Validation**: ✅ PASS - Core files individually validated
  - Core file: `npx tscw --noEmit --allowJs --composite false --project tsconfig.json {core-file}`
  - Test files: `npx tscw --noEmit --allowJs --composite false --project tsconfig.json {test-file}` (if exists)
 - **Downstream Impact Check**: ✅ PASS - Found {N} files importing this module, all validate individually
  - Downstream files: {list-of-files-that-import-your-module}
  - Individual validation: `npx tscw --noEmit --allowJs --composite false --project tsconfig.json {each-downstream-file}`
 - **ESLint validation**: ✅ PASS (using `npm run eslint -- --fix {files}` to auto-fix formatting)
 - **Zero any types**: ✅ PASS
 - **Local imports resolved**: ✅ PASS  
 - **Functionality preserved**: ✅ PASS
 - **Tests pass** (if test file): ✅ PASS
 - **Follow-up action required**: {YES/NO}
 ## Validation Strategy Notes
 - **Single-file approach used**: Avoided multi-file tsc validation due to known TypeScript compilation issues
 - **Project-wide validation skipped**: `npm run type` not used during parallel migration to prevent false positives
 ## Migration Learnings
 - Type conflicts encountered: {describe any multiple type definitions}
 - Mock patterns used: {describe test mocking approaches}
 - Import hierarchy decisions: {note authoritative type sources used}
 - PropTypes strategy: {AUTO_GENERATED via babel plugin | MANUAL_DUPLICATION_REMOVED | N/A}
 ## Improvement Suggestions for Documentation
 - AGENT.md enhancement: {suggest additions to migration guide}
 - Common pattern identified: {note reusable patterns for future migrations}
 ```
 ---
 ## Dependency Block Report Format
 ```
 DEPENDENCY_BLOCK: Cannot migrate {filename}
 ## Blocking Dependencies
 - {path}: {type} - {usage} - {priority}
 ## Impact Analysis
 - Estimated types: {number}
 - Expected locations: {list}
 - Cross-domain: {YES/NO}
 ## Recommended Order
 {ordered-list}
 ```
 ---
 ## 📚 Quick Reference
 **Type Utilities:**
 - `Record<K, V>` - Object with specific key/value types
 - `Partial<T>` - All properties optional
 - `Pick<T, K>` - Subset of properties
 - `Omit<T, K>` - Exclude specific properties
 - `NonNullable<T>` - Exclude null/undefined
 **Event Types:**
 - `MouseEvent<HTMLButtonElement>`
 - `ChangeEvent<HTMLInputElement>`
 - `FormEvent<HTMLFormElement>`
 **React Types:**
 - `FC<Props>` - Functional component
 - `ReactNode` - Any renderable content
 - `CSSProperties` - Style objects
 ---
 **Remember:** Every type should add value and clarity. The goal is meaningful type safety that catches bugs and improves developer experience.
--- a/.claude/projects/js-to-ts/COORDINATOR.md
+++ b/.claude/projects/js-to-ts/COORDINATOR.md
@@ -1,199 +0,0 @@
 # JS-to-TS Coordinator Workflow
 **Role:** Strategic migration coordination - select leaf-node files, trigger agents, review results, handle integration, manage dependencies.
 ---
 ## 1. Core File Selection Strategy
 **Target ONLY Core Files**: Coordinators identify core files (production code), agents handle related tests/mocks atomically.
 **File Analysis Commands**:
 ```bash
 # Find CORE files with no JS/JSX dependencies (exclude tests/mocks) - SIZE PRIORITIZED
 find superset-frontend/src -name "*.js" -o -name "*.jsx" | grep -v "test\|spec\|mock" | xargs wc -l | sort -n | head -20
 # Alternative: Get file sizes in lines with paths
 find superset-frontend/src -name "*.js" -o -name "*.jsx" | grep -v "test\|spec\|mock" | while read file; do
  lines=$(wc -l < "$file")
  echo "$lines $file"
 done | sort -n | head -20
 # Check dependencies for core files only (start with smallest)
 for file in <core-files-sorted-by-size>; do
  echo "=== $file ($(wc -l < "$file") lines) ==="
  grep -E "from '\.\./.*\.jsx?'|from '\./.*\.jsx?'|from 'src/.*\.jsx?'" "$file" || echo "✅ LEAF CANDIDATE"
 done
 # Identify heavily imported files (migrate last)  
 grep -r "from.*utils/common" superset-frontend/src/ | wc -l
 # Quick leaf analysis with size priority
 find superset-frontend/src -name "*.js" -o -name "*.jsx" | grep -v "test\|spec\|mock" | head -30 | while read file; do
  deps=$(grep -E "from '\.\./.*\.jsx?'|from '\./.*\.jsx?'|from 'src/.*\.jsx?'" "$file" | wc -l)
  lines=$(wc -l < "$file")
  if [ "$deps" -eq 0 ]; then
    echo "✅ LEAF: $lines lines - $file"
  fi
 done | sort -n
 ```
 **Priority Order** (Smallest files first for easier wins):
 1. **Small leaf files** (<50 lines) - No JS/JSX imports, quick TypeScript conversion
 2. **Medium leaf files** (50-200 lines) - Self-contained utilities and helpers  
 3. **Small dependency files** (<100 lines) - Import only already-migrated files
 4. **Larger components** (200+ lines) - Complex but well-contained functionality
 5. **Core foundational files** (utils/common.js, controls.jsx) - migrate last regardless of size
 **Size-First Benefits**:
 - Faster completion builds momentum
 - Earlier validation of migration patterns
 - Easier rollback if issues arise
 - Better success rate for agent learning
 **Migration Unit**: Each agent call migrates:
 - 1 core file (primary target)
 - All related `*.test.js/jsx` files
 - All related `*.mock.js` files  
 - All related `__mocks__/` files
 ---
 ## 2. Task Creation & Agent Control
 ### Task Triggering
 When triggering the `/js-to-ts` command:
 - **Task Title**: Use the core filename as the task title (e.g., "DebouncedMessageQueue.js migration", "hostNamesConfig.js migration")
 - **Task Description**: Include the full relative path to help agent locate the file
 - **Reference**: Point agent to [AGENT.md](./AGENT.md) for technical instructions
 ### Post-Processing Workflow
 After each agent completes:
 1. **Review Agent Report**: Always read and analyze the complete agent report
 2. **Share Summary**: Provide user with key highlights from agent's work:
   - Files migrated (core + tests/mocks)
   - Types created or improved
   - Any validation issues or coordinator actions needed
 3. **Quality Assessment**: Evaluate agent's TypeScript implementation against criteria:
   - ✅ **Type Usage**: Proper types used, no `any` types
   - ✅ **Type Filing**: Types placed in correct hierarchy (component → feature → domain → global)
   - ✅ **Side Effects**: No unintended changes to other files
   - ✅ **Import Alignment**: Proper .ts/.tsx import extensions
 4. **Integration Decision**:
   - **COMMIT**: If agent work is complete and high quality
   - **FIX & COMMIT**: If minor issues need coordinator fixes
   - **ROLLBACK**: If major issues require complete rework
 5. **Next Action**: Ask user preference - commit this work or trigger next migration
 ---
 ## 3. Integration Decision Framework
 **Automatic Integration** ✅:
 - `npm run type` passes without errors
 - Agent created clean TypeScript with proper types
 - Types appropriately filed in hierarchy
 **Coordinator Integration** (Fix Side-Effects) 🔧:
 - `npm run type` fails BUT agent's work is high quality
 - Good type usage, proper patterns, well-organized
 - Side-effects are manageable TypeScript compilation errors
 - **Coordinator Action**: Integrate the change, then fix global compilation issues
 **Rollback Only** ❌:
 - Agent introduced `any` types or poor type choices
 - Types poorly organized or conflicting with existing patterns
 - Fundamental approach issues requiring complete rework
 **Integration Process**:
 1. **Review**: Agent already used `git mv` to preserve history
 2. **Fix Side-Effects**: Update dependent files with proper import extensions
 3. **Resolve Types**: Fix any cascading type issues across codebase
 4. **Validate**: Ensure `npm run type` passes after fixes
 ---
 ## 4. Common Integration Patterns
 **Common Side-Effects (Expect These)**:
 - **Type import conflicts**: Multiple definitions of same type name
 - **Mock object typing**: Tests need complete type satisfaction
 - **Stub method references**: Use stub vars instead of original methods
 **Coordinator Fixes (Standard Process)**:
 1. **Import Resolution**:
   ```bash
   # Find authoritative type source
   grep -r "TypeName" src/*/types.ts
   # Import from domain types (src/dashboard/types.ts) not component types
   ```
 2. **Test Mock Completion**:
   ```typescript
   // Use Partial<T> as T pattern for minimal mocking
   const mockDashboard: Partial<DashboardInfo> as DashboardInfo = {
     id: 123,
     json_metadata: '{}',
   };
   ```
 3. **Stub Reference Fixes**:
   ```typescript
   // ✅ Use stub variable
   expect(postStub.callCount).toBe(1);
   // ❌ Don't use original method
   expect(SupersetClient.post.callCount).toBe(1);
   ```
 4. **Validation Commands**:
   ```bash
   npm run type          # TypeScript compilation
   npm test -- filename  # Test functionality
   git status           # Should show rename, not add/delete
   ```
 ---
 ## 5. File Categories for Planning
 ### Leaf Files (Start Here)
 **Self-contained files with minimal JS/JSX dependencies**:
 - Test files (80 files) - Usually only import the file being tested
 - Utility files without internal dependencies
 - Components importing only external libraries
 ### Heavily Imported Files (Migrate Last)
 **Core files that many others depend on**:
 - `utils/common.js` - Core utility functions
 - `utils/reducerUtils.js` - Redux helpers  
 - `@superset-ui/core` equivalent files
 - Major state management files (`explore/store.js`, `dashboard/actions/`)
 ### Complex Components (Middle Priority)  
 **Large files requiring careful type analysis**:
 - `components/Datasource/DatasourceEditor.jsx` (1,809 lines)
 - `explore/components/controls/AnnotationLayerControl/AnnotationLayer.jsx` (1,031 lines)
 - `explore/components/ExploreViewContainer/index.jsx` (911 lines)
 ---
 ## 6. Success Metrics & Continuous Improvement
 **Per-File Gates**:
 - ✅ `npm run type` passes after each migration
 - ✅ Zero `any` types introduced
 - ✅ All imports properly typed
 - ✅ Types filed in correct hierarchy
 **Linear Scheduling**:
 When agents report `DEPENDENCY_BLOCK`:
 - Queue dependencies in linear order
 - Process one file at a time to avoid conflicts
 - Handle cascading type changes between files
 **After Each Migration**:
 1. **Update guides** with new patterns discovered
 2. **Document coordinator fixes** that become common
 3. **Enhance agent instructions** based on recurring issues
 4. **Track success metrics** - automatic vs coordinator integration rates
--- a/.claude/projects/js-to-ts/PROJECT.md
+++ b/.claude/projects/js-to-ts/PROJECT.md
@@ -1,76 +0,0 @@
 # JavaScript to TypeScript Migration Project
 Progressive migration of 219 JS/JSX files to TypeScript in Apache Superset frontend.
 ## 📁 Project Documentation
 - **[AGENT.md](./AGENT.md)** - Complete technical migration guide for agents (includes type reference, patterns, validation)
 - **[COORDINATOR.md](./COORDINATOR.md)** - Strategic workflow for coordinators (file selection, task management, integration)
 ## 🎯 Quick Start
 **For Agents:** Read [AGENT.md](./AGENT.md) for complete migration instructions
 **For Coordinators:** Read [COORDINATOR.md](./COORDINATOR.md) for workflow and [AGENT.md](./AGENT.md) for supervision
 **Command:** `/js-to-ts <filename>` - See [../../commands/js-to-ts.md](../../commands/js-to-ts.md)
 ## 📊 Migration Progress
 **Scope**: 219 files total (112 JS + 107 JSX)
 - Production files: 139 (63%)  
 - Test files: 80 (37%)
 **Strategy**: Leaf-first migration with dependency-aware coordination
 ### Completed Migrations ✅
 1. **roundDecimal** - `plugins/legacy-plugin-chart-map-box/src/utils/roundDecimal.js`
   - Migrated core + test files
   - Added proper TypeScript function signature with optional precision parameter
   - All tests pass
 2. **timeGrainSqlaAnimationOverrides** - `src/explore/controlPanels/timeGrainSqlaAnimationOverrides.js`
   - Migrated to TypeScript with ControlPanelState and Dataset types
   - Added TimeGrainOverrideState interface for return type
   - Used type guards for safe property access
 3. **DebouncedMessageQueue** - `src/utils/DebouncedMessageQueue.js`
   - Migrated to TypeScript with proper generics
   - Created DebouncedMessageQueueOptions interface
   - **CREATED test file** with 4 comprehensive test cases
   - Excellent class property typing with private/readonly modifiers
 **Files Migrated**: 3/219 (1.4%)
 **Tests Created**: 2 (roundDecimal had existing, DebouncedMessageQueue created)
 ### Next Candidates (Leaf Nodes) 🎯
 **Identified leaf files with no JS/JSX dependencies:**
 - `src/utils/hostNamesConfig.js` - Domain configuration utility
 - `src/explore/controlPanels/Separator.js` - Control panel configuration  
 - `src/middleware/loggerMiddleware.js` - Logging middleware
 **Migration Quality**: All completed migrations have:
 - ✅ Zero `any` types
 - ✅ Proper TypeScript compilation
 - ✅ ESLint validation passed
 - ✅ Test coverage (created where missing)
 ---
 ## 📈 Success Metrics
 **Per-File Gates**:
 - ✅ `npm run type` passes after each migration
 - ✅ Zero `any` types introduced  
 - ✅ All imports properly typed
 - ✅ Types filed in correct hierarchy
 **Overall Progress**:
 - **Automatic Integration Rate**: 100% (3/3 migrations required no coordinator fixes)
 - **Test Coverage**: Improved (1 new test file created)
 - **Type Safety**: Enhanced with proper interfaces and generics
 ---
 *This is a claudette-managed progressive refactor. All documentation and coordination resources are organized under `.claude/projects/js-to-ts/`*
--- a/.claude/settings.json
+++ b/.claude/settings.json
@@ -1,15 +0,0 @@
 {
  "hooks": {
    "PreToolUse": [
      {
        "matcher": "Bash",
        "hooks": [
          {
            "type": "command",
            "command": "jq -r '.tool_input.command // \"\"' | grep -qE '^git commit' && cd \"$CLAUDE_PROJECT_DIR\" && echo '🔍 Running pre-commit before commit...' && pre-commit run || true"
          }
        ]
      }
    ]
  }
 }
--- a/.devcontainer/Dockerfile
+++ b/.devcontainer/Dockerfile
@@ -1,20 +0,0 @@
 # Keep this in sync with the base image in the main Dockerfile (ARG PY_VER)
 FROM python:3.11.13-trixie AS base
 # Install system dependencies that Superset needs
 # This layer will be cached across Codespace sessions
 RUN apt-get update && apt-get install -y \
    libsasl2-dev \
    libldap2-dev \
    libpq-dev \
    tmux \
    gh \
    && rm -rf /var/lib/apt/lists/*
 # Install uv for fast Python package management
 # This will also be cached in the image
 RUN curl -LsSf https://astral.sh/uv/install.sh | sh && \
    echo 'export PATH="/root/.cargo/bin:$PATH"' >> /etc/bash.bashrc
 # Set the cargo/bin directory in PATH for all users
 ENV PATH="/root/.cargo/bin:${PATH}"
--- a/.devcontainer/README.md
+++ b/.devcontainer/README.md
@@ -1,5 +0,0 @@
 # Superset Development with GitHub Codespaces
 For complete documentation on using GitHub Codespaces with Apache Superset, please see:
 **[Setting up a Development Environment - GitHub Codespaces](https://superset.apache.org/docs/contributing/development#github-codespaces-cloud-development)**
--- a/.devcontainer/bashrc-additions
+++ b/.devcontainer/bashrc-additions
@@ -1,62 +0,0 @@
 # Superset Codespaces environment setup
 # This file is appended to ~/.bashrc during Codespace setup
 # Find the workspace directory (handles both 'superset' and 'superset-2' names)
 WORKSPACE_DIR=$(find /workspaces -maxdepth 1 -name "superset*" -type d | head -1)
 if [ -n "$WORKSPACE_DIR" ]; then
    # Check if virtual environment exists
    if [ -d "$WORKSPACE_DIR/.venv" ]; then
        # Activate the virtual environment
        source "$WORKSPACE_DIR/.venv/bin/activate"
        echo "✅ Python virtual environment activated"
        # Verify pre-commit is installed and set up
        if command -v pre-commit &> /dev/null; then
            echo "✅ pre-commit is available ($(pre-commit --version))"
            # Install git hooks if not already installed
            if [ -d "$WORKSPACE_DIR/.git" ] && [ ! -f "$WORKSPACE_DIR/.git/hooks/pre-commit" ]; then
                echo "🪝 Installing pre-commit hooks..."
                cd "$WORKSPACE_DIR" && pre-commit install
            fi
        else
            echo "⚠️  pre-commit not found. Run: pip install pre-commit"
        fi
    else
        echo "⚠️  Python virtual environment not found at $WORKSPACE_DIR/.venv"
        echo "   Run: cd $WORKSPACE_DIR && .devcontainer/setup-dev.sh"
    fi
    # Always cd to the workspace directory for convenience
    cd "$WORKSPACE_DIR"
 fi
 # Add helpful aliases for Superset development
 alias start-superset="$WORKSPACE_DIR/.devcontainer/start-superset.sh"
 alias setup-dev="$WORKSPACE_DIR/.devcontainer/setup-dev.sh"
 # Show helpful message on login
 echo ""
 echo "🚀 Superset Codespaces Environment"
 echo "=================================="
 # Check if Superset is running
 if docker ps 2>/dev/null | grep -q "superset"; then
    echo "✅ Superset is running!"
    echo "   - Check the 'Ports' tab for your live Superset URL"
    echo "   - Initial startup takes 10-20 minutes"
    echo "   - Login: admin/admin"
 else
    echo "⚠️  Superset is not running. Use: start-superset"
    # Check if there's a startup log
    if [ -f "/tmp/superset-startup.log" ]; then
        echo "   📋 Startup log found: cat /tmp/superset-startup.log"
    fi
 fi
 echo ""
 echo "Quick commands:"
 echo "  start-superset - Start Superset with Docker Compose"
 echo "  setup-dev      - Set up Python environment (if not already done)"
 echo "  pre-commit run - Run pre-commit checks on staged files"
 echo ""
--- a/.devcontainer/build-and-push-image.sh
+++ b/.devcontainer/build-and-push-image.sh
@@ -1,20 +0,0 @@
 #!/bin/bash
 # Script to build and push the devcontainer image to GitHub Container Registry
 # This allows caching the image between Codespace sessions
 # You'll need to run this with appropriate GitHub permissions
 # gh auth login --scopes write:packages
 REGISTRY="ghcr.io"
 OWNER="apache"
 REPO="superset"
 TAG="devcontainer-base"
 echo "Building devcontainer image..."
 docker build -t $REGISTRY/$OWNER/$REPO:$TAG .devcontainer/
 echo "Pushing to GitHub Container Registry..."
 docker push $REGISTRY/$OWNER/$REPO:$TAG
 echo "Done! Update .devcontainer/devcontainer.json to use:"
 echo "  \"image\": \"$REGISTRY/$OWNER/$REPO:$TAG\""
--- a/.devcontainer/default/devcontainer.json
+++ b/.devcontainer/default/devcontainer.json
@@ -1,19 +0,0 @@
 {
  // Extend the base configuration
  "extends": "../devcontainer-base.json",
  "name": "Apache Superset Development (Default)",
  // Forward ports for development
  "forwardPorts": [9001],
  "portsAttributes": {
    "9001": {
      "label": "Superset (via Webpack Dev Server)",
      "onAutoForward": "notify",
      "visibility": "public"
    }
  },
  // Auto-start Superset on Codespace resume
  "postStartCommand": ".devcontainer/start-superset.sh"
 }
--- a/.devcontainer/devcontainer-base.json
+++ b/.devcontainer/devcontainer-base.json
@@ -1,39 +0,0 @@
 {
  "name": "Apache Superset Development",
  // Keep this in sync with the base image in Dockerfile (ARG PY_VER)
  // Using the same base as Dockerfile, but non-slim for dev tools
  "image": "python:3.11.13-bookworm",
  "features": {
    "ghcr.io/devcontainers/features/docker-in-docker:2": {
      "moby": true,
      "dockerDashComposeVersion": "v2"
    },
    "ghcr.io/devcontainers/features/node:1": {
      "version": "20"
    },
    "ghcr.io/devcontainers/features/git:1": {},
    "ghcr.io/devcontainers/features/common-utils:2": {
      "configureZshAsDefaultShell": true
    },
    "ghcr.io/devcontainers/features/sshd:1": {
      "version": "latest"
    }
  },
  // Run commands after container is created
  "postCreateCommand": "chmod +x .devcontainer/setup-dev.sh && .devcontainer/setup-dev.sh",
  // VS Code customizations
  "customizations": {
    "vscode": {
      "extensions": [
        "ms-python.python",
        "ms-python.vscode-pylance",
        "charliermarsh.ruff",
        "dbaeumer.vscode-eslint",
        "esbenp.prettier-vscode"
      ]
    }
  }
 }
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -1,66 +0,0 @@
 {
  "name": "Apache Superset Development",
  // Option 1: Use pre-built image directly
  // "image": "ghcr.io/apache/superset:devcontainer-base",
  // Option 2: Build from Dockerfile with cache (current approach)
  "build": {
    "dockerfile": "Dockerfile",
    "context": ".",
    // Cache from the Apache registry image
    "cacheFrom": ["ghcr.io/apache/superset:devcontainer-base"]
  },
  "features": {
    "ghcr.io/devcontainers/features/docker-in-docker:2": {
      "moby": false,
      "dockerDashComposeVersion": "v2"
    },
    "ghcr.io/devcontainers/features/node:1": {
      "version": "20"
    },
    "ghcr.io/devcontainers/features/git:1": {},
    "ghcr.io/devcontainers/features/common-utils:2": {
      "configureZshAsDefaultShell": true
    },
    "ghcr.io/devcontainers/features/sshd:1": {
      "version": "latest"
    }
  },
  // Forward ports for development
  "forwardPorts": [9001],
  "portsAttributes": {
    "9001": {
      "label": "Superset (via Webpack Dev Server)",
      "onAutoForward": "notify",
      "visibility": "public"
    }
  },
  // Run commands after container is created
  "postCreateCommand": "bash .devcontainer/setup-dev.sh || echo '⚠️ Setup had issues - run .devcontainer/setup-dev.sh manually'",
  // Auto-start Superset after ensuring Docker is ready
  // Run in foreground to see any errors, but don't block on failures
  "postStartCommand": "bash -c 'echo \"Waiting 30s for services to initialize...\"; sleep 30; .devcontainer/start-superset.sh || echo \"⚠️ Auto-start failed - run start-superset manually\"'",
  // Set environment variables
  "remoteEnv": {
    // Removed automatic venv activation to prevent startup issues
    // The setup script will handle this
  },
  // VS Code customizations
  "customizations": {
    "vscode": {
      "extensions": [
        "ms-python.python",
        "ms-python.vscode-pylance",
        "charliermarsh.ruff",
        "dbaeumer.vscode-eslint",
        "esbenp.prettier-vscode"
      ]
    }
  }
 }
--- a/.devcontainer/setup-dev.sh
+++ b/.devcontainer/setup-dev.sh
@@ -1,32 +0,0 @@
 #!/bin/bash
 # Setup script for Superset Codespaces development environment
 echo "🔧 Setting up Superset development environment..."
 # The universal image has most tools, just need Superset-specific libs
 echo "📦 Installing Superset-specific dependencies..."
 sudo apt-get update
 sudo apt-get install -y \
    libsasl2-dev \
    libldap2-dev \
    libpq-dev \
    tmux \
    gh
 # Install uv for fast Python package management
 echo "📦 Installing uv..."
 curl -LsSf https://astral.sh/uv/install.sh | sh
 # Add cargo/bin to PATH for uv
 echo 'export PATH="$HOME/.cargo/bin:$PATH"' >> ~/.bashrc
 echo 'export PATH="$HOME/.cargo/bin:$PATH"' >> ~/.zshrc
 # Install Claude Code CLI via npm
 echo "🤖 Installing Claude Code..."
 npm install -g @anthropic-ai/claude-code
 # Make the start script executable
 chmod +x .devcontainer/start-superset.sh
 echo "✅ Development environment setup complete!"
 echo "🚀 Run '.devcontainer/start-superset.sh' to start Superset"
--- a/.devcontainer/start-superset.sh
+++ b/.devcontainer/start-superset.sh
@@ -1,69 +0,0 @@
 #!/bin/bash
 # Startup script for Superset in Codespaces
 echo "🚀 Starting Superset in Codespaces..."
 echo "🌐 Frontend will be available at port 9001"
 # Check if MCP is enabled
 if [ "$ENABLE_MCP" = "true" ]; then
    echo "🤖 MCP Service will be available at port 5008"
 fi
 # Find the workspace directory (Codespaces clones as 'superset', not 'superset-2')
 WORKSPACE_DIR=$(find /workspaces -maxdepth 1 -name "superset*" -type d | head -1)
 if [ -n "$WORKSPACE_DIR" ]; then
    cd "$WORKSPACE_DIR"
    echo "📁 Working in: $WORKSPACE_DIR"
 else
    echo "📁 Using current directory: $(pwd)"
 fi
 # Check if docker is running
 if ! docker info > /dev/null 2>&1; then
    echo "⏳ Waiting for Docker to start..."
    sleep 5
 fi
 # Clean up any existing containers
 echo "🧹 Cleaning up existing containers..."
 docker-compose -f docker-compose-light.yml --profile mcp down
 # Start services
 echo "🏗️  Building and starting services..."
 echo ""
 echo "📝 Once started, login with:"
 echo "   Username: admin"
 echo "   Password: admin"
 echo ""
 echo "📋 Running in foreground with live logs (Ctrl+C to stop)..."
 # Run docker-compose and capture exit code
 if [ "$ENABLE_MCP" = "true" ]; then
    echo "🤖 Starting with MCP Service enabled..."
    docker-compose -f docker-compose-light.yml --profile mcp up
 else
    docker-compose -f docker-compose-light.yml up
 fi
 EXIT_CODE=$?
 # If it failed, provide helpful instructions
 if [ $EXIT_CODE -ne 0 ] && [ $EXIT_CODE -ne 130 ]; then  # 130 is Ctrl+C
    echo ""
    echo "❌ Superset startup failed (exit code: $EXIT_CODE)"
    echo ""
    echo "🔄 To restart Superset, run:"
    echo "   .devcontainer/start-superset.sh"
    echo ""
    echo "🔧 For troubleshooting:"
    echo "   # View logs:"
    echo "   docker-compose -f docker-compose-light.yml logs"
    echo ""
    echo "   # Clean restart (removes volumes):"
    echo "   docker-compose -f docker-compose-light.yml down -v"
    echo "   .devcontainer/start-superset.sh"
    echo ""
    echo "   # Common issues:"
    echo "   - Network timeouts: Just retry, often transient"
    echo "   - Port conflicts: Check 'docker ps'"
    echo "   - Database issues: Try clean restart with -v"
 fi
--- a/.devcontainer/with-mcp/devcontainer.json
+++ b/.devcontainer/with-mcp/devcontainer.json
@@ -1,29 +0,0 @@
 {
  // Extend the base configuration
  "extends": "../devcontainer-base.json",
  "name": "Apache Superset Development with MCP",
  // Forward ports for development
  "forwardPorts": [9001, 5008],
  "portsAttributes": {
    "9001": {
      "label": "Superset (via Webpack Dev Server)",
      "onAutoForward": "notify",
      "visibility": "public"
    },
    "5008": {
      "label": "MCP Service (Model Context Protocol)",
      "onAutoForward": "notify",
      "visibility": "private"
    }
  },
  // Auto-start Superset with MCP on Codespace resume
  "postStartCommand": "ENABLE_MCP=true .devcontainer/start-superset.sh",
  // Environment variables
  "containerEnv": {
    "ENABLE_MCP": "true"
  }
 }
--- a/.envrc.example
+++ b/.envrc.example
@@ -1,41 +0,0 @@
 #
 # Licensed to the Apache Software Foundation (ASF) under one or more
 # contributor license agreements.  See the NOTICE file distributed with
 # this work for additional information regarding copyright ownership.
 # The ASF licenses this file to You under the Apache License, Version 2.0
 # (the "License"); you may not use this file except in compliance with
 # the License.  You may obtain a copy of the License at
 #
 #    http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
 # Auto-configure Docker Compose for multi-instance support
 # Requires direnv: https://direnv.net/
 #
 # Install: brew install direnv (or apt install direnv)
 # Setup: Add 'eval "$(direnv hook bash)"' to ~/.bashrc (or ~/.zshrc)
 # Allow: Run 'direnv allow' in this directory once
 # Generate unique project name from directory
 export COMPOSE_PROJECT_NAME=$(basename "$PWD" | tr '[:upper:]' '[:lower:]' | sed 's/[^a-z0-9]/-/g')
 # Find available ports sequentially to avoid collisions
 _is_free() { ! lsof -i ":$1" &>/dev/null 2>&1; }
 _p=80;    while ! _is_free $_p; do ((_p++)); done; export NGINX_PORT=$_p
 _p=8088;  while ! _is_free $_p; do ((_p++)); done; export SUPERSET_PORT=$_p
 _p=9000;  while ! _is_free $_p; do ((_p++)); done; export NODE_PORT=$_p
 _p=8080;  while ! _is_free $_p || [ $_p -eq $NGINX_PORT ]; do ((_p++)); done; export WEBSOCKET_PORT=$_p
 _p=8081;  while ! _is_free $_p || [ $_p -eq $WEBSOCKET_PORT ]; do ((_p++)); done; export CYPRESS_PORT=$_p
 _p=5432;  while ! _is_free $_p; do ((_p++)); done; export DATABASE_PORT=$_p
 _p=6379;  while ! _is_free $_p; do ((_p++)); done; export REDIS_PORT=$_p
 unset _p _is_free
 echo "🐳 Superset configured: http://localhost:$SUPERSET_PORT (dev: localhost:$NODE_PORT)"
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -2,7 +2,7 @@
 # https://github.com/apache/superset/issues/13351
-/superset/migrations/ @mistercrunch @michael-s-molina @betodealmeida @eschutho @sadpandajoe
+/superset/migrations/ @mistercrunch @michael-s-molina @betodealmeida @eschutho
 # Notify some committers of changes in the components
@@ -20,12 +20,7 @@
 # Notify PMC members of changes to GitHub Actions
-/.github/ @villebro @geido @eschutho @rusackas @betodealmeida @nytai @mistercrunch @craig-rueda @kgabryje @dpgaspar @sadpandajoe @hainenber
+/.github/ @villebro @geido @eschutho @rusackas @betodealmeida @nytai @mistercrunch @craig-rueda @kgabryje @dpgaspar
 # Notify PMC members of changes to CI-executed scripts (supply-chain risk:
 # scripts/ files run directly in CI workflows and can execute arbitrary code)
 /scripts/ @villebro @geido @eschutho @rusackas @betodealmeida @nytai @mistercrunch @craig-rueda @kgabryje @dpgaspar @sadpandajoe @hainenber
 # Notify PMC members of changes to required GitHub Actions
@@ -35,18 +30,3 @@
 **/*.geojson @villebro @rusackas
 /superset-frontend/plugins/legacy-plugin-chart-country-map/ @villebro @rusackas
 # Notify translation maintainers of changes to translations
 /superset/translations/ @sfirke
 # Notify PMC members of changes to extension-related files
 /docs/developer_portal/extensions/ @michael-s-molina @villebro @rusackas
 /superset-core/ @michael-s-molina @villebro @geido @eschutho @rusackas @kgabryje
 /superset-extensions-cli/ @michael-s-molina @villebro @geido @eschutho @rusackas @kgabryje
 /superset/core/ @michael-s-molina @villebro @geido @eschutho @rusackas @kgabryje
 /superset/extensions/ @michael-s-molina @villebro @geido @eschutho @rusackas @kgabryje
 /superset-frontend/src/packages/superset-core/ @michael-s-molina @villebro @geido @eschutho @rusackas @kgabryje
 /superset-frontend/src/core/ @michael-s-molina @villebro @geido @eschutho @rusackas @kgabryje
 /superset-frontend/src/extensions/ @michael-s-molina @villebro @geido @eschutho @rusackas @kgabryje
--- a/.github/ISSUE_TEMPLATE/bug-report.yml
+++ b/.github/ISSUE_TEMPLATE/bug-report.yml
@@ -41,8 +41,8 @@ body:
      label: Superset version
      options:
        - master / latest-dev
        - "6.0.0"
        - "5.0.0"
        - "4.1.3"
    validations:
      required: true
  - type: dropdown
--- a/.github/SECURITY.md
+++ b/.github/SECURITY.md
@@ -18,32 +18,10 @@ e-mail address [security@superset.apache.org](mailto:security@superset.apache.or
 More details can be found on the ASF website at
 [ASF vulnerability reporting process](https://apache.org/security/#reporting-a-vulnerability)
-**Submission Standards & AI Policy**
+We kindly ask you to include the following information in your report:
-
+- Apache Superset version that you are using
-To ensure engineering focus remains on verified risks and to manage high reporting volumes, all reports must meet the following criteria:
+- A sanitized copy of your `superset_config.py` file or any config overrides
- Plain Text Format: In accordance with Apache guidelines, please provide all details in plain text within the email body. Avoid sending PDFs, Word documents, or password-protected archives.
+- Detailed steps to reproduce the vulnerability
 - Mandatory AI Disclosure: If you utilized Large Language Models (LLMs) or AI tools to identify a flaw or assist in writing a report, you must disclose this in your submission so our triage team can contextualize the findings.
 - Human-Verified PoC: All submissions must include a manual, step-by-step Proof of Concept (PoC) performed on a supported release. Raw AI outputs, hypothetical chat transcripts, or unverified scanner logs will be closed as Invalid.
 We kindly ask you to include the following information in your report to assist our developers in triaging and remediating issues efficiently:
 - Version/Commit: The specific version of Apache Superset or the Git commit hash you are using.
 - Configuration: A sanitized copy of your `superset_config.py` file or any config overrides.
 - Environment: Your deployment method (e.g., Docker Compose, Helm, or source) and relevant OS/Browser details.
 - Impacted Component: Identification of the affected area (e.g., Python backend, React frontend, or a specific database connector).
 - Expected vs. Actual Behavior: A clear description of the intended system behavior versus the observed vulnerability.
 - Detailed Reproduction Steps: Clear, manual steps to reproduce the vulnerability.
 **Out of Scope Vulnerabilities**
 To prioritize engineering efforts on genuine architectural risks, the following scenarios are explicitly out of scope and will not be issued a CVE:
 - Attacks requiring Admin privileges: (e.g., CSS injection, template manipulation, dashboard ownership overrides, or modifying global system settings). Per the CVE vulnerability definition in CNA Operational Rules 4.1, a qualifying vulnerability must allow violation of a security policy. The Admin role is a fully trusted operational boundary defined by Apache Superset's security policy; actions within this boundary do not violate that policy and are therefore considered intended capabilities 'by design,' not vulnerabilities.
 - Brute Force and Rate Limiting: Reports targeting a lack of resource exhaustion protections, generic rate-limiting, or volumetric Denial of Service (DoS) attempts.
 - Theoretical attack vectors: Issues without a demonstrable, reproducible exploit path.
 - Non-Exploitable Findings: Missing security headers, generic banner disclosures, or descriptive error messages that do not lead to a direct, documented exploit.
 **Outcome of Reports**
 Reports that are deemed out-of-scope for a CVE but represent valid security best practices or hardening opportunities may be converted into public GitHub issues. This allows the community to contribute to the general hardening of the platform even when a specific vulnerability threshold is not met.
 Note that Apache Superset is not responsible for any third-party dependencies that may
 have security issues. Any vulnerabilities found in third-party dependencies should be
@@ -51,13 +29,6 @@ reported to the maintainers of those projects. Results from security scans of Ap
 Superset dependencies found on its official Docker image can be remediated at release time
 by extending the image itself.
 **Vulnerability Aggregation & CVE Attribution**
 In accordance with MITRE CNA Operational Rules (4.1.10, 4.1.11, and 4.2.13), Apache Superset issues CVEs based on the underlying architectural root cause rather than the number of affected endpoints or exploit payloads.
 - Aggregation: If multiple exploit vectors stem from the same programmatic failure or shared vulnerable code, they must be aggregated into a single, comprehensive report.
 - Independent Fixes: Separate CVEs will only be assigned if the vulnerabilities reside in decoupled architectural modules and can be fixed independently of one another.
 Reports that fail to aggregate related findings will be merged during triage to ensure an accurate and defensible CVE record.
 **Your responsible disclosure and collaboration are invaluable.**
 ## Extra Information
--- a/.github/actions/change-detector/action.yml
+++ b/.github/actions/change-detector/action.yml
@@ -1,27 +1,24 @@
-name: Change Detector
+name: 'Change Detector'
-description: Detects file changes for pull request and push events
+description: 'Detects file changes for pull request and push events'
 inputs:
  token:
-    description: GitHub token for authentication
+    description: 'GitHub token for authentication'
    required: true
 outputs:
  python:
-    description: Whether Python-related files were changed
+    description: 'Whether Python-related files were changed'
    value: ${{ steps.change-detector.outputs.python }}
  frontend:
-    description: Whether frontend-related files were changed
+    description: 'Whether frontend-related files were changed'
    value: ${{ steps.change-detector.outputs.frontend }}
  docker:
-    description: Whether docker-related files were changed
+    description: 'Whether docker-related files were changed'
    value: ${{ steps.change-detector.outputs.docker }}
  docs:
-    description: Whether docs-related files were changed
+    description: 'Whether docs-related files were changed'
    value: ${{ steps.change-detector.outputs.docs }}
  superset-extensions-cli:
    description: Whether superset-extensions-cli package-related files were changed
    value: ${{ steps.change-detector.outputs.superset-extensions-cli }}
 runs:
-  using: composite
+  using: 'composite'
  steps:
    - name: Detect file changes
      id: change-detector
--- a/.github/actions/change-detector/label-draft-pr.yml
+++ b/.github/actions/change-detector/label-draft-pr.yml
@@ -10,7 +10,7 @@ jobs:
    steps:
      - name: Check if the PR is a draft
        id: check-draft
-        uses: actions/github-script@v8
+        uses: actions/github-script@v6
        with:
          script: |
            const isDraft = context.payload.pull_request.draft;
--- a/.github/actions/setup-docker/action.yml
+++ b/.github/actions/setup-docker/action.yml
@@ -26,16 +26,16 @@ runs:
    - name: Set up QEMU
      if: ${{ inputs.build == 'true' }}
-      uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0
+      uses: docker/setup-qemu-action@v3
    - name: Set up Docker Buildx
      if: ${{ inputs.build == 'true' }}
-      uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
+      uses: docker/setup-buildx-action@v3
    - name: Try to login to DockerHub
      if: ${{ inputs.login-to-dockerhub == 'true' }}
      continue-on-error: true
-      uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
+      uses: docker/login-action@v3
      with:
        username: ${{ inputs.dockerhub-user }}
        password: ${{ inputs.dockerhub-token }}
--- a/.github/copilot-instructions.md
+++ b/.github/copilot-instructions.md
@@ -1 +1 @@
-../AGENTS.md
+../LLMS.md
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -4,54 +4,21 @@ updates:
  - package-ecosystem: "github-actions"
    directory: "/"
    ignore:
      # Ignore temporarily as release schedule is too mentally taxing for dep-handling maintainers
      # Additionally, very few PRs are reviewed by this action.
      - dependency-name: anthropics/claude-code-action
    schedule:
-      interval: "daily"
+      interval: "monthly"
  - package-ecosystem: "npm"
    ignore:
-      # TODO: remove below entries until React >= 18.0.0
+      # not until React >= 18.0.0
      - dependency-name: "storybook"
        update-types: ["version-update:semver-major", "version-update:semver-minor"]
      - dependency-name: "@storybook*"
        update-types: ["version-update:semver-major", "version-update:semver-minor"]
      - dependency-name: "eslint-plugin-storybook"
      - dependency-name: "react-error-boundary"
      - dependency-name: "@rjsf/*"
      # remark-gfm v4+ requires react-markdown v9+, which needs React 18
      - dependency-name: "remark-gfm"
      - dependency-name: "react-markdown"
      # TODO: remove below entries until React >= 19.0.0
      - dependency-name: "react-icons"
      # JSDOM v30 doesn't play well with Jest v30
      # Source: https://jestjs.io/blog#known-issues
      # GH thread: https://github.com/jsdom/jsdom/issues/3492
      - dependency-name: "jest-environment-jsdom"
      # `@swc/plugin-transform-imports` doesn't work with current Webpack-SWC hybrid setup
      # See https://github.com/apache/superset/pull/37384#issuecomment-3793991389
      # TODO: remove the plugin once Lodash usage has been migrated to a more readily tree-shakeable alternative
      - dependency-name: "@swc/plugin-transform-imports"
      # `just-handlerbars-helpers` library in plugin-chart-handlebars requires `currencyformatter`` to be < 2
      - dependency-name: "currencyformatter.js"
        update-types: ["version-update:semver-major"]
      # TODO: remove below clause once https://github.com/pmmmwh/react-refresh-webpack-plugin/pull/940 lands onto a future release
      # and confirm the issue https://github.com/apache/superset/issues/39600 is fixed
      - dependency-name: "react-checkbox-tree"
        update-types: ["version-update:semver-major"]
    groups:
      storybook:
        applies-to: version-updates
        patterns:
          - "@storybook*"
          - "storybook"
        update-types:
          - "patch"
    directory: "/superset-frontend/"
    schedule:
-      interval: "daily"
+      interval: "monthly"
    labels:
      - npm
      - dependabot
@@ -59,49 +26,35 @@ updates:
    versioning-strategy: increase
-  - package-ecosystem: "pip"
+  # NOTE: `uv` support is in beta, more details here:
-    directory: "/"
+  # https://github.com/dependabot/dependabot-core/pull/10040#issuecomment-2696978430
  - package-ecosystem: "uv"
    directory: "requirements/"
    open-pull-requests-limit: 10
    schedule:
      interval: "weekly"
    labels:
-      - pip
+      - uv
      - dependabot
  - package-ecosystem: "npm"
    directory: ".github/actions"
    schedule:
-      interval: "daily"
+      interval: "monthly"
    open-pull-requests-limit: 10
    versioning-strategy: increase
  - package-ecosystem: "npm"
    directory: "/docs/"
    ignore:
      # TODO: remove below entries until React >= 18.0.0 in superset-frontend
      - dependency-name: "storybook"
        update-types: ["version-update:semver-major", "version-update:semver-minor"]
      - dependency-name: "@storybook*"
        update-types: ["version-update:semver-major", "version-update:semver-minor"]
      - dependency-name: "eslint-plugin-storybook"
      - dependency-name: "react-error-boundary"
    groups:
      storybook:
        applies-to: version-updates
        patterns:
          - "@storybook*"
          - "storybook"
        update-types:
          - "patch"
    schedule:
-      interval: "daily"
+      interval: "monthly"
    open-pull-requests-limit: 10
    versioning-strategy: increase
  - package-ecosystem: "npm"
    directory: "/superset-websocket/"
    schedule:
-      interval: "daily"
+      interval: "monthly"
    labels:
      - npm
      - dependabot
@@ -110,7 +63,7 @@ updates:
  - package-ecosystem: "npm"
    directory: "/superset-websocket/utils/client-ws-app/"
    schedule:
-      interval: "daily"
+      interval: "monthly"
    labels:
      - npm
      - dependabot
@@ -122,7 +75,17 @@ updates:
  - package-ecosystem: "npm"
    directory: "/superset-frontend/plugins/legacy-plugin-chart-calendar/"
    schedule:
-      interval: "daily"
+      interval: "monthly"
    labels:
      - npm
      - dependabot
    open-pull-requests-limit: 5
    versioning-strategy: increase
  - package-ecosystem: "npm"
    directory: "/superset-frontend/plugins/legacy-plugin-chart-histogram/"
    schedule:
      interval: "monthly"
    labels:
      - npm
      - dependabot
@@ -132,7 +95,7 @@ updates:
  - package-ecosystem: "npm"
    directory: "/superset-frontend/plugins/legacy-plugin-chart-partition/"
    schedule:
-      interval: "daily"
+      interval: "monthly"
    labels:
      - npm
      - dependabot
@@ -142,7 +105,7 @@ updates:
  - package-ecosystem: "npm"
    directory: "/superset-frontend/plugins/legacy-plugin-chart-world-map/"
    schedule:
-      interval: "daily"
+      interval: "monthly"
    labels:
      - npm
      - dependabot
@@ -151,11 +114,8 @@ updates:
  - package-ecosystem: "npm"
    directory: "/superset-frontend/plugins/plugin-chart-pivot-table/"
    ignore:
      # TODO: remove below entries until React >= 19.0.0
      - dependency-name: "react-icons"
    schedule:
-      interval: "daily"
+      interval: "monthly"
    labels:
      - npm
      - dependabot
@@ -165,7 +125,7 @@ updates:
  - package-ecosystem: "npm"
    directory: "/superset-frontend/plugins/legacy-plugin-chart-chord/"
    schedule:
-      interval: "daily"
+      interval: "monthly"
    labels:
      - npm
      - dependabot
@@ -175,7 +135,7 @@ updates:
  - package-ecosystem: "npm"
    directory: "/superset-frontend/plugins/legacy-plugin-chart-horizon/"
    schedule:
-      interval: "daily"
+      interval: "monthly"
    labels:
      - npm
      - dependabot
@@ -185,7 +145,7 @@ updates:
  - package-ecosystem: "npm"
    directory: "/superset-frontend/plugins/legacy-plugin-chart-rose/"
    schedule:
-      interval: "daily"
+      interval: "monthly"
    labels:
      - npm
      - dependabot
@@ -195,7 +155,7 @@ updates:
  - package-ecosystem: "npm"
    directory: "/superset-frontend/plugins/legacy-preset-chart-deckgl/"
    schedule:
-      interval: "daily"
+      interval: "monthly"
    labels:
      - npm
      - dependabot
@@ -204,11 +164,8 @@ updates:
  - package-ecosystem: "npm"
    directory: "/superset-frontend/plugins/plugin-chart-table/"
    ignore:
      # TODO: remove below entries until React >= 19.0.0
      - dependency-name: "react-icons"
    schedule:
-      interval: "daily"
+      interval: "monthly"
    labels:
      - npm
      - dependabot
@@ -218,7 +175,7 @@ updates:
  - package-ecosystem: "npm"
    directory: "/superset-frontend/plugins/legacy-plugin-chart-country-map/"
    schedule:
-      interval: "daily"
+      interval: "monthly"
    labels:
      - npm
      - dependabot
@@ -228,7 +185,17 @@ updates:
  - package-ecosystem: "npm"
    directory: "/superset-frontend/plugins/legacy-plugin-chart-map-box/"
    schedule:
-      interval: "daily"
+      interval: "monthly"
    labels:
      - npm
      - dependabot
    open-pull-requests-limit: 5
    versioning-strategy: increase
  - package-ecosystem: "npm"
    directory: "/superset-frontend/plugins/legacy-plugin-chart-sankey/"
    schedule:
      interval: "monthly"
    labels:
      - npm
      - dependabot
@@ -238,7 +205,7 @@ updates:
  - package-ecosystem: "npm"
    directory: "/superset-frontend/plugins/legacy-preset-chart-nvd3/"
    schedule:
-      interval: "daily"
+      interval: "monthly"
    labels:
      - npm
      - dependabot
@@ -248,7 +215,17 @@ updates:
  - package-ecosystem: "npm"
    directory: "/superset-frontend/plugins/plugin-chart-word-cloud/"
    schedule:
-      interval: "daily"
+      interval: "monthly"
    labels:
      - npm
      - dependabot
    open-pull-requests-limit: 5
    versioning-strategy: increase
  - package-ecosystem: "npm"
    directory: "/superset-frontend/plugins/legacy-plugin-chart-event-flow/"
    schedule:
      interval: "monthly"
    labels:
      - npm
      - dependabot
@@ -258,7 +235,17 @@ updates:
  - package-ecosystem: "npm"
    directory: "/superset-frontend/plugins/legacy-plugin-chart-paired-t-test/"
    schedule:
-      interval: "daily"
+      interval: "monthly"
    labels:
      - npm
      - dependabot
    open-pull-requests-limit: 5
    versioning-strategy: increase
  - package-ecosystem: "npm"
    directory: "/superset-frontend/plugins/legacy-plugin-chart-sankey-loop/"
    schedule:
      interval: "monthly"
    labels:
      - npm
      - dependabot
@@ -268,7 +255,7 @@ updates:
  - package-ecosystem: "npm"
    directory: "/superset-frontend/plugins/plugin-chart-echarts/"
    schedule:
-      interval: "daily"
+      interval: "monthly"
    labels:
      - npm
      - dependabot
@@ -276,9 +263,9 @@ updates:
    versioning-strategy: increase
  - package-ecosystem: "npm"
-    directory: "/superset-frontend/plugins/plugin-chart-ag-grid-table/"
+    directory: "/superset-frontend/plugins/preset-chart-xy/"
    schedule:
-      interval: "daily"
+      interval: "monthly"
    labels:
      - npm
      - dependabot
@@ -286,9 +273,9 @@ updates:
    versioning-strategy: increase
  - package-ecosystem: "npm"
-    directory: "/superset-frontend/plugins/plugin-chart-cartodiagram/"
+    directory: "/superset-frontend/plugins/legacy-plugin-chart-heatmap/"
    schedule:
-      interval: "daily"
+      interval: "monthly"
    labels:
      - npm
      - dependabot
@@ -298,7 +285,17 @@ updates:
  - package-ecosystem: "npm"
    directory: "/superset-frontend/plugins/legacy-plugin-chart-parallel-coordinates/"
    schedule:
-      interval: "daily"
+      interval: "monthly"
    labels:
      - npm
      - dependabot
    open-pull-requests-limit: 5
    versioning-strategy: increase
  - package-ecosystem: "npm"
    directory: "/superset-frontend/plugins/legacy-plugin-chart-sunburst/"
    schedule:
      interval: "monthly"
    labels:
      - npm
      - dependabot
@@ -307,12 +304,8 @@ updates:
  - package-ecosystem: "npm"
    directory: "/superset-frontend/plugins/plugin-chart-handlebars/"
    ignore:
      # `just-handlerbars-helpers` library in plugin-chart-handlebars requires `currencyformatter`` to be < 2
      - dependency-name: "currencyformatter.js"
        update-types: ["version-update:semver-major"]
    schedule:
-      interval: "daily"
+      interval: "monthly"
    labels:
      - npm
      - dependabot
@@ -322,7 +315,7 @@ updates:
  - package-ecosystem: "npm"
    directory: "/superset-frontend/packages/generator-superset/"
    schedule:
-      interval: "daily"
+      interval: "monthly"
    labels:
      - npm
      - dependabot
@@ -332,7 +325,7 @@ updates:
  - package-ecosystem: "npm"
    directory: "/superset-frontend/packages/superset-ui-chart-controls/"
    schedule:
-      interval: "daily"
+      interval: "monthly"
    labels:
      - npm
      - dependabot
@@ -345,9 +338,18 @@ updates:
      # not until React >= 18.0.0
      - dependency-name: "react-markdown"
      - dependency-name: "remark-gfm"
      - dependency-name: "react-error-boundary"
    schedule:
-      interval: "daily"
+      interval: "monthly"
    labels:
      - npm
      - dependabot
    open-pull-requests-limit: 5
    versioning-strategy: increase
  - package-ecosystem: "npm"
    directory: "/superset-frontend/packages/superset-ui-demo/"
    schedule:
      interval: "monthly"
    labels:
      - npm
      - dependabot
@@ -357,7 +359,7 @@ updates:
  - package-ecosystem: "npm"
    directory: "/superset-frontend/packages/superset-ui-switchboard/"
    schedule:
-      interval: "daily"
+      interval: "monthly"
    labels:
      - npm
      - dependabot
--- a/.github/labeler.yml
+++ b/.github/labeler.yml
@@ -17,11 +17,6 @@
  - any-glob-to-any-file:
    - 'superset/migrations/**'
 "risk:ci-script":
 - changed-files:
  - any-glob-to-any-file:
    - 'scripts/**'
 ############################################
 # Dependencies
 ############################################
@@ -77,11 +72,6 @@
  - any-glob-to-any-file:
    - 'superset/translations/zh/**'
 "i18n:czech":
 - changed-files:
  - any-glob-to-any-file:
    - 'superset/translations/cs/**'
 "i18n:traditional-chinese":
 - changed-files:
  - any-glob-to-any-file:
@@ -127,11 +117,6 @@
  - any-glob-to-any-file:
    - 'superset/translations/sk/**'
 "i18n:latvian":
 - changed-files:
  - any-glob-to-any-file:
    - 'superset/translations/lv/**'
 "i18n:ukrainian":
 - changed-files:
  - any-glob-to-any-file:
--- a/.github/workflows/bashlib.sh
+++ b/.github/workflows/bashlib.sh
@@ -117,33 +117,6 @@ testdata() {
  say "::endgroup::"
 }
 playwright_testdata() {
  cd "$GITHUB_WORKSPACE"
  say "::group::Load all examples for Playwright tests"
  # must specify PYTHONPATH to make `tests.superset_test_config` importable
  export PYTHONPATH="$GITHUB_WORKSPACE"
  pip install -e .
  superset db upgrade
  superset load_test_users
  superset load_examples
  superset init
  # Enable DML on the examples database so Playwright tests can create/drop
  # temporary tables via SQL Lab without depending on external data sources.
  superset shell <<'PYEOF'
 import sys
 from superset.extensions import db
 from superset.models.core import Database
 examples_db = db.session.query(Database).filter_by(database_name='examples').first()
 if not examples_db:
    sys.exit('ERROR: examples database not found. load_examples may have failed.')
 examples_db.allow_dml = True
 db.session.commit()
 print('Enabled allow_dml on examples database')
 PYEOF
  say "::endgroup::"
 }
 celery-worker() {
  cd "$GITHUB_WORKSPACE"
  say "::group::Start Celery worker"
@@ -209,95 +182,6 @@ cypress-run-all() {
  kill $flaskProcessId
 }
 playwright-install() {
  cd "$GITHUB_WORKSPACE/superset-frontend"
  say "::group::Install Playwright browsers"
  npx playwright install --with-deps chromium
  # Create output directories for test results and debugging
  mkdir -p playwright-results
  mkdir -p test-results
  say "::endgroup::"
 }
 playwright-run() {
  local APP_ROOT=$1
  local TEST_PATH=$2
  # Start Flask from the project root (same as Cypress)
  cd "$GITHUB_WORKSPACE"
  local flasklog="${HOME}/flask-playwright.log"
  local port=8081
  PLAYWRIGHT_BASE_URL="http://localhost:${port}"
  if [ -n "$APP_ROOT" ]; then
    export SUPERSET_APP_ROOT=$APP_ROOT
    PLAYWRIGHT_BASE_URL=${PLAYWRIGHT_BASE_URL}${APP_ROOT}/
  fi
  export PLAYWRIGHT_BASE_URL
  nohup flask run --no-debugger -p $port >"$flasklog" 2>&1 </dev/null &
  local flaskProcessId=$!
  # Ensure cleanup on exit
  trap "kill $flaskProcessId 2>/dev/null || true" EXIT
  # Wait for server to be ready with health check
  local timeout=60
  say "Waiting for Flask server to start on port $port..."
  while [ $timeout -gt 0 ]; do
    if curl -f ${PLAYWRIGHT_BASE_URL}/health >/dev/null 2>&1; then
      say "Flask server is ready"
      break
    fi
    sleep 1
    timeout=$((timeout - 1))
  done
  if [ $timeout -eq 0 ]; then
    echo "::error::Flask server failed to start within 60 seconds"
    echo "::group::Flask startup log"
    cat "$flasklog"
    echo "::endgroup::"
    return 1
  fi
  # Change to frontend directory for Playwright execution
  cd "$GITHUB_WORKSPACE/superset-frontend"
  say "::group::Run Playwright tests"
  echo "Running Playwright with baseURL: ${PLAYWRIGHT_BASE_URL}"
  if [ -n "$TEST_PATH" ]; then
    # Check if there are any test files in the specified path
    if ! find "playwright/tests/${TEST_PATH}" -name "*.spec.ts" -type f 2>/dev/null | grep -q .; then
      echo "No test files found in ${TEST_PATH} - skipping test run"
      say "::endgroup::"
      kill $flaskProcessId
      return 0
    fi
    echo "Running tests: ${TEST_PATH}"
    # Set INCLUDE_EXPERIMENTAL=true to allow experimental tests to run
    export INCLUDE_EXPERIMENTAL=true
    npx playwright test "${TEST_PATH}" --output=playwright-results
    local status=$?
    # Unset to prevent leaking into subsequent commands
    unset INCLUDE_EXPERIMENTAL
  else
    echo "Running all required tests (experimental/ excluded via playwright.config.ts)"
    npx playwright test --output=playwright-results
    local status=$?
  fi
  say "::endgroup::"
  # After job is done, print out Flask log for debugging
  echo "::group::Flask log for Playwright run"
  cat "$flasklog"
  echo "::endgroup::"
  # make sure the program exits
  kill $flaskProcessId
  return $status
 }
 eyes-storybook-dependencies() {
  say "::group::install eyes-storyook dependencies"
  sudo apt-get update -y && sudo apt-get -y install gconf-service ca-certificates libxshmfence-dev fonts-liberation libappindicator3-1 libasound2 libatk-bridge2.0-0 libatk1.0-0 libc6 libcairo2 libcups2 libdbus-1-3 libexpat1 libfontconfig1 libgbm1 libgcc1 libgconf-2-4 libglib2.0-0 libgdk-pixbuf2.0-0 libgtk-3-0 libnspr4 libnss3 libpangocairo-1.0-0 libstdc++6 libx11-6 libx11-xcb1 libxcb1 libxcomposite1 libxcursor1 libxdamage1 libxext6 libxfixes3 libxi6 libxrandr2 libxrender1 libxss1 libxtst6 lsb-release xdg-utils libappindicator1
@@ -318,3 +202,26 @@ monitor_memory() {
    sleep 2
  done
 }
 cypress-run-applitools() {
  cd "$GITHUB_WORKSPACE/superset-frontend/cypress-base"
  local flasklog="${HOME}/flask.log"
  local port=8081
  local cypress="./node_modules/.bin/cypress run"
  local browser=${CYPRESS_BROWSER:-chrome}
  export CYPRESS_BASE_URL="http://localhost:${port}"
  nohup flask run --no-debugger -p $port >"$flasklog" 2>&1 </dev/null &
  local flaskProcessId=$!
  $cypress --spec "cypress/applitools/**/*" --browser "$browser" --headless
  say "::group::Flask log for default run"
  cat "$flasklog"
  say "::endgroup::"
  # make sure the program exits
  kill $flaskProcessId
 }
--- a/.github/workflows/bump-python-package.yml
+++ b/.github/workflows/bump-python-package.yml
@@ -32,7 +32,7 @@ jobs:
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@v4
        with:
          persist-credentials: true
          ref: master
@@ -41,7 +41,7 @@ jobs:
        uses: ./.github/actions/setup-supersetbot/
      - name: Set up Python ${{ inputs.python-version }}
-        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6
+        uses: actions/setup-python@v5
        with:
          python-version: "3.10"
@@ -51,31 +51,27 @@ jobs:
      - name: supersetbot bump-python -p "${{ github.event.inputs.package }}"
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          INPUT_PACKAGE: ${{ github.event.inputs.package }}
          INPUT_GROUP: ${{ github.event.inputs.group }}
          INPUT_EXTRA_FLAGS: ${{ github.event.inputs.extra-flags }}
          INPUT_LIMIT: ${{ github.event.inputs.limit }}
        run: |
          git config --global user.email "action@github.com"
          git config --global user.name "GitHub Action"
          PACKAGE_OPT=""
-          if [ -n "${INPUT_PACKAGE}" ]; then
+          if [ -n "${{ github.event.inputs.package }}" ]; then
-            PACKAGE_OPT="-p ${INPUT_PACKAGE}"
+            PACKAGE_OPT="-p ${{ github.event.inputs.package }}"
          fi
          GROUP_OPT=""
-          if [ -n "${INPUT_GROUP}" ]; then
+          if [ -n "${{ github.event.inputs.group }}" ]; then
-            GROUP_OPT="-g ${INPUT_GROUP}"
+            GROUP_OPT="-g ${{ github.event.inputs.group }}"
          fi
-          EXTRA_FLAGS="${INPUT_EXTRA_FLAGS}"
+          EXTRA_FLAGS="${{ github.event.inputs.extra-flags }}"
          supersetbot bump-python \
            --verbose \
            --use-current-repo \
            --include-subpackages \
-            --limit ${INPUT_LIMIT} \
+            --limit ${{ github.event.inputs.limit }} \
            $PACKAGE_OPT \
            $GROUP_OPT \
            $EXTRA_FLAGS
--- a/.github/workflows/cancel_duplicates.yml
+++ b/.github/workflows/cancel_duplicates.yml
@@ -31,7 +31,7 @@ jobs:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
        if: steps.check_queued.outputs.count >= 20
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@v4
      - name: Cancel duplicate workflow runs
        if: steps.check_queued.outputs.count >= 20
--- a/.github/workflows/check-python-deps.yml
+++ b/.github/workflows/check-python-deps.yml
@@ -18,7 +18,7 @@ jobs:
    runs-on: ubuntu-22.04
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
          submodules: recursive
--- a/.github/workflows/check_db_migration_confict.yml
+++ b/.github/workflows/check_db_migration_confict.yml
@@ -25,9 +25,9 @@ jobs:
      pull-requests: write
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@v4
      - name: Check and notify
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
+        uses: actions/github-script@v7
        with:
          github-token: ${{ github.token }}
          script: |
@@ -69,7 +69,7 @@ jobs:
                    `❗ @${pull.user.login} Your base branch \`${currentBranch}\` has ` +
                    'also updated `superset/migrations`.\n' +
                    '\n' +
-                    '**Please consider rebasing your branch and [resolving potential db migration conflicts](https://superset.apache.org/docs/contributing/development#merging-db-migrations).**',
+                    '**Please consider rebasing your branch and [resolving potential db migration conflicts](https://github.com/apache/superset/blob/master/CONTRIBUTING.md#merging-db-migrations).**',
                });
              }
            }
--- a/.github/workflows/claude.yml
+++ b/.github/workflows/claude.yml
@@ -44,7 +44,7 @@ jobs:
      pull-requests: write
    steps:
      - name: Comment access denied
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
+        uses: actions/github-script@v7
        with:
          script: |
            const message = `👋 Hi @${{ github.event.comment.user.login || github.event.review.user.login || github.event.issue.user.login }}!
@@ -71,12 +71,12 @@ jobs:
      id-token: write
    steps:
    - name: Checkout repository
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      uses: actions/checkout@v4
      with:
        fetch-depth: 1
    - name: Run Claude PR Action
-      uses: anthropics/claude-code-action@5fb899572b81d2bb648d4d187173a2f423a9677c # beta
+      uses: anthropics/claude-code-action@beta
      with:
        anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
        timeout_minutes: "60"
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -31,7 +31,7 @@ jobs:
    steps:
      - name: Checkout repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@v4
      - name: Check for file changes
        id: check
@@ -41,7 +41,7 @@ jobs:
      # Initializes the CodeQL tools for scanning.
      - name: Initialize CodeQL
-        uses: github/codeql-action/init@v4
+        uses: github/codeql-action/init@v3
        with:
          languages: ${{ matrix.language }}
          # If you wish to specify custom queries, you can do so here or in a config file.
@@ -53,6 +53,6 @@ jobs:
      - name: Perform CodeQL Analysis
        if: steps.check.outputs.python || steps.check.outputs.frontend
-        uses: github/codeql-action/analyze@v4
+        uses: github/codeql-action/analyze@v3
        with:
          category: "/language:${{matrix.language}}"
--- a/.github/workflows/dependency-review.yml
+++ b/.github/workflows/dependency-review.yml
@@ -27,9 +27,9 @@ jobs:
    runs-on: ubuntu-24.04
    steps:
      - name: "Checkout Repository"
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@v4
      - name: "Dependency Review"
-        uses: actions/dependency-review-action@2031cfc080254a8a887f58cffee85186f0e49e48 # v4.9.0
+        uses: actions/dependency-review-action@v4
        continue-on-error: true
        with:
          fail-on-severity: critical
@@ -39,9 +39,13 @@ jobs:
          # pkg:npm/store2@2.14.2
          #   adding an exception for an ambigious license on store2, which has been resolved in
          #   the latest version. It's MIT: https://github.com/nbubna/store/blob/master/LICENSE-MIT
          # pkg:npm/applitools/*
          #   adding exception for all applitools modules (eyes-cypress and its dependencies),
          #   which has an explicit OSS license approved by ASF
          #   license: https://applitools.com/legal/open-source-terms-of-use/
          # pkg:npm/node-forge@1.3.1
          #   selecting BSD-3-Clause licensing terms for node-forge to ensure compatibility with Apache
-          allow-dependencies-licenses: pkg:npm/store2@2.14.2, pkg:npm/node-forge@1.3.1, pkg:npm/rgbcolor, pkg:npm/jszip@3.10.1
+          allow-dependencies-licenses: pkg:npm/store2@2.14.2, pkg:npm/applitools/core, pkg:npm/applitools/core-base, pkg:npm/applitools/css-tree, pkg:npm/applitools/ec-client, pkg:npm/applitools/eg-socks5-proxy-server, pkg:npm/applitools/eyes, pkg:npm/applitools/eyes-cypress, pkg:npm/applitools/nml-client, pkg:npm/applitools/tunnel-client, pkg:npm/applitools/utils, pkg:npm/node-forge@1.3.1, pkg:npm/rgbcolor, pkg:npm/jszip@3.10.1
  python-dependency-liccheck:
    # NOTE: Configuration for liccheck lives in our pyproject.yml.
@@ -49,7 +53,7 @@ jobs:
    runs-on: ubuntu-22.04
    steps:
      - name: "Checkout Repository"
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@v4
      - name: Setup Python
        uses: ./.github/actions/setup-backend/
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -22,7 +22,7 @@ jobs:
    steps:
      - id: set_matrix
        run: |
-          MATRIX_CONFIG=$(if [ "${{ github.event_name }}" == "pull_request" ]; then echo '["dev", "lean"]'; else echo '["dev", "lean", "py310", "websocket", "dockerize", "py311", "py312"]'; fi)
+          MATRIX_CONFIG=$(if [ "${{ github.event_name }}" == "pull_request" ]; then echo '["dev", "lean"]'; else echo '["dev", "lean", "py310", "websocket", "dockerize", "py311"]'; fi)
          echo "matrix_config=${MATRIX_CONFIG}" >> $GITHUB_OUTPUT
          echo $GITHUB_OUTPUT
@@ -42,7 +42,7 @@ jobs:
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
@@ -102,7 +102,7 @@ jobs:
          docker history $IMAGE_TAG
      - name: docker-compose sanity check
-        if: (steps.check.outputs.python || steps.check.outputs.frontend || steps.check.outputs.docker) && matrix.build_preset == 'dev'
+        if: (steps.check.outputs.python || steps.check.outputs.frontend || steps.check.outputs.docker) && (matrix.build_preset == 'dev' || matrix.build_preset == 'lean')
        shell: bash
        run: |
          export SUPERSET_BUILD_TARGET=${{ matrix.build_preset }}
@@ -117,7 +117,7 @@ jobs:
    runs-on: ubuntu-24.04
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Check for file changes
--- a/.github/workflows/embedded-sdk-release.yml
+++ b/.github/workflows/embedded-sdk-release.yml
@@ -16,12 +16,10 @@ jobs:
        id: check
        shell: bash
        run: |
-          if [ -n "${NPM_TOKEN}" ]; then
+          if [ -n "${{ (secrets.NPM_TOKEN != '') || '' }}" ]; then
            echo "has-secrets=1" >> "$GITHUB_OUTPUT"
          fi
        env:
          NPM_TOKEN: ${{ (secrets.NPM_TOKEN != '') || '' }}
  build:
    needs: config
    if: needs.config.outputs.has-secrets
@@ -30,8 +28,8 @@ jobs:
      run:
        working-directory: superset-embedded-sdk
    steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@v4
-      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
+      - uses: actions/setup-node@v4
        with:
          node-version-file: './superset-embedded-sdk/.nvmrc'
          registry-url: 'https://registry.npmjs.org'
--- a/.github/workflows/embedded-sdk-test.yml
+++ b/.github/workflows/embedded-sdk-test.yml
@@ -18,8 +18,8 @@ jobs:
      run:
        working-directory: superset-embedded-sdk
    steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@v4
-      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
+      - uses: actions/setup-node@v4
        with:
          node-version-file: './superset-embedded-sdk/.nvmrc'
          registry-url: 'https://registry.npmjs.org'
--- a/.github/workflows/ephemeral-env-pr-close.yml
+++ b/.github/workflows/ephemeral-env-pr-close.yml
@@ -1,10 +1,4 @@
-name: Cleanup ephemeral envs (PR close) [DEPRECATED]
+name: Cleanup ephemeral envs (PR close)
 # ⚠️  DEPRECATION NOTICE ⚠️
 # This workflow is deprecated and will be removed in a future version.
 # The new Superset Showtime workflow handles cleanup automatically.
 # See .github/workflows/showtime.yml and showtime-cleanup.yml for replacements.
 # Migration guide: https://github.com/mistercrunch/superset-showtime
 on:
  pull_request_target:
@@ -20,12 +14,10 @@ jobs:
        id: check
        shell: bash
        run: |
-          if [ -n "${AWS_ACCESS_KEY_ID}" ]; then
+          if [ -n "${{ (secrets.AWS_ACCESS_KEY_ID != '' && secrets.AWS_SECRET_ACCESS_KEY != '') || '' }}" ]; then
            echo "has-secrets=1" >> "$GITHUB_OUTPUT"
          fi
        env:
          AWS_ACCESS_KEY_ID: ${{ (secrets.AWS_ACCESS_KEY_ID != '' && secrets.AWS_SECRET_ACCESS_KEY != '') || '' }}
  ephemeral-env-cleanup:
    needs: config
    if: needs.config.outputs.has-secrets
@@ -35,7 +27,7 @@ jobs:
      pull-requests: write
    steps:
      - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # v6
+        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
@@ -58,7 +50,7 @@ jobs:
      - name: Login to Amazon ECR
        if: steps.describe-services.outputs.active == 'true'
        id: login-ecr
-        uses: aws-actions/amazon-ecr-login@19d944daaa35f0fa1d3f7f8af1d3f2e5de25c5b7 # v2
+        uses: aws-actions/amazon-ecr-login@v2
      - name: Delete ECR image tag
        if: steps.describe-services.outputs.active == 'true'
@@ -71,7 +63,7 @@ jobs:
      - name: Comment (success)
        if: steps.describe-services.outputs.active == 'true'
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
+        uses: actions/github-script@v7
        with:
          github-token: ${{github.token}}
          script: |
@@ -79,5 +71,5 @@ jobs:
              issue_number: ${{ github.event.number }},
              owner: context.repo.owner,
              repo: context.repo.repo,
-              body: '⚠️ **DEPRECATED WORKFLOW** - Ephemeral environment shutdown and build artifacts deleted. Please migrate to the new Superset Showtime system for future PRs.'
+              body: 'Ephemeral environment shutdown and build artifacts deleted.'
            })
--- a/.github/workflows/ephemeral-env.yml
+++ b/.github/workflows/ephemeral-env.yml
@@ -1,12 +1,4 @@
-name: Ephemeral env workflow [DEPRECATED]
+name: Ephemeral env workflow
 # ⚠️  DEPRECATION NOTICE ⚠️
 # This workflow is deprecated and will be removed in a future version.
 # Please use the new Superset Showtime workflow instead:
 # - Use label "🎪 trigger-start" instead of "testenv-up"
 # - Showtime provides better reliability and easier management
 # - See .github/workflows/showtime.yml for the replacement
 # - Migration guide: https://github.com/mistercrunch/superset-showtime
 # Example manual trigger:
 # gh workflow run ephemeral-env.yml --ref fix_ephemerals --field label_name="testenv-up" --field issue_number=666
@@ -47,7 +39,7 @@ jobs:
        id: eval-label
        run: |
          if [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then
-            LABEL_NAME="${INPUT_LABEL_NAME}"
+            LABEL_NAME="${{ github.event.inputs.label_name }}"
          else
            LABEL_NAME="${{ github.event.label.name }}"
          fi
@@ -60,12 +52,10 @@ jobs:
            echo "result=noop" >> $GITHUB_OUTPUT
          fi
        env:
          INPUT_LABEL_NAME: ${{ github.event.inputs.label_name }}
      - name: Get event SHA
        id: get-sha
        if: steps.eval-label.outputs.result == 'up'
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
+        uses: actions/github-script@v7
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          script: |
@@ -96,7 +86,7 @@ jobs:
            core.setOutput("sha", prSha);
      - name: Looking for feature flags in PR description
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
+        uses: actions/github-script@v7
        id: eval-feature-flags
        if: steps.eval-label.outputs.result == 'up'
        with:
@@ -118,7 +108,7 @@ jobs:
            return results;
      - name: Reply with confirmation comment
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
+        uses: actions/github-script@v7
        if: steps.eval-label.outputs.result == 'up'
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
@@ -136,11 +126,8 @@ jobs:
              throw new Error("Issue number is not available.");
            }
-            const body = `⚠️ **DEPRECATED WORKFLOW** ⚠️\n\n@${user} This workflow is deprecated! Please use the new **Superset Showtime** system instead:\n\n` +
+            const body = `@${user} Processing your ephemeral environment request [here](${workflowUrl}).` +
-              `- Replace "testenv-up" label with "🎪 trigger-start"\n` +
+              ` Action: **${action}**.` +
              `- Better reliability and easier management\n` +
              `- See https://github.com/mistercrunch/superset-showtime for details\n\n` +
              `Processing your ephemeral environment request [here](${workflowUrl}). Action: **${action}**.` +
              ` More information on [how to use or configure ephemeral environments]` +
              `(https://superset.apache.org/docs/contributing/howtos/#github-ephemeral-environments)`;
@@ -162,7 +149,7 @@ jobs:
    runs-on: ubuntu-24.04
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ needs.ephemeral-env-label.outputs.sha }} : ${{steps.get-sha.outputs.sha}} )"
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@v4
        with:
          ref: ${{ needs.ephemeral-env-label.outputs.sha }}
          persist-credentials: false
@@ -191,7 +178,7 @@ jobs:
            --extra-flags "--build-arg INCLUDE_CHROMIUM=false"
      - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # v6
+        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
@@ -199,7 +186,7 @@ jobs:
      - name: Login to Amazon ECR
        id: login-ecr
-        uses: aws-actions/amazon-ecr-login@19d944daaa35f0fa1d3f7f8af1d3f2e5de25c5b7 # v2
+        uses: aws-actions/amazon-ecr-login@v2
      - name: Load, tag and push image to ECR
        id: push-image
@@ -222,12 +209,12 @@ jobs:
      pull-requests: write
    steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # v6
+        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
@@ -235,7 +222,7 @@ jobs:
      - name: Login to Amazon ECR
        id: login-ecr
-        uses: aws-actions/amazon-ecr-login@19d944daaa35f0fa1d3f7f8af1d3f2e5de25c5b7 # v2
+        uses: aws-actions/amazon-ecr-login@v2
      - name: Check target image exists in ECR
        id: check-image
@@ -250,7 +237,7 @@ jobs:
      - name: Fail on missing container image
        if: steps.check-image.outcome == 'failure'
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
+        uses: actions/github-script@v7
        with:
          github-token: ${{ github.token }}
          script: |
@@ -265,7 +252,7 @@ jobs:
      - name: Fill in the new image ID in the Amazon ECS task definition
        id: task-def
-        uses: aws-actions/amazon-ecs-render-task-definition@6853cfae8c3a7d978fbf68b5a55453395541dfbb # v1
+        uses: aws-actions/amazon-ecs-render-task-definition@v1
        with:
          task-definition: .github/workflows/ecs-task-definition.json
          container-name: superset-ci
@@ -278,9 +265,7 @@ jobs:
      - name: Describe ECS service
        id: describe-services
        run: |
-          echo "active=$(aws ecs describe-services --cluster superset-ci --services pr-${INPUT_ISSUE_NUMBER}-service | jq '.services[] | select(.status == "ACTIVE") | any')" >> $GITHUB_OUTPUT
+          echo "active=$(aws ecs describe-services --cluster superset-ci --services pr-${{ github.event.inputs.issue_number || github.event.pull_request.number }}-service | jq '.services[] | select(.status == "ACTIVE") | any')" >> $GITHUB_OUTPUT
        env:
          INPUT_ISSUE_NUMBER: ${{ github.event.inputs.issue_number || github.event.pull_request.number }}
      - name: Create ECS service
        id: create-service
        if: steps.describe-services.outputs.active != 'true'
@@ -300,7 +285,7 @@ jobs:
          --tags key=pr,value=$PR_NUMBER key=github_user,value=${{ github.actor }}
      - name: Deploy Amazon ECS task definition
        id: deploy-task
-        uses: aws-actions/amazon-ecs-deploy-task-definition@a310a830f5c14e583e35d84e4e1ec7dd177c3c9c # v2
+        uses: aws-actions/amazon-ecs-deploy-task-definition@v2
        with:
          task-definition: ${{ steps.task-def.outputs.task-definition }}
          service: pr-${{ github.event.inputs.issue_number || github.event.pull_request.number }}-service
@@ -311,9 +296,7 @@ jobs:
      - name: List tasks
        id: list-tasks
        run: |
-          echo "task=$(aws ecs list-tasks --cluster superset-ci --service-name pr-${INPUT_ISSUE_NUMBER}-service | jq '.taskArns | first')" >> $GITHUB_OUTPUT
+          echo "task=$(aws ecs list-tasks --cluster superset-ci --service-name pr-${{ github.event.inputs.issue_number || github.event.pull_request.number }}-service | jq '.taskArns | first')" >> $GITHUB_OUTPUT
        env:
          INPUT_ISSUE_NUMBER: ${{ github.event.inputs.issue_number || github.event.pull_request.number }}
      - name: Get network interface
        id: get-eni
        run: |
@@ -324,7 +307,7 @@ jobs:
          echo "ip=$(aws ec2 describe-network-interfaces --network-interface-ids ${{ steps.get-eni.outputs.eni }} | jq -r '.NetworkInterfaces | first | .Association.PublicIp')" >> $GITHUB_OUTPUT
      - name: Comment (success)
        if: ${{ success() }}
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
+        uses: actions/github-script@v7
        with:
          github-token: ${{github.token}}
          script: |
@@ -337,7 +320,7 @@ jobs:
            });
      - name: Comment (failure)
        if: ${{ failure() }}
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
+        uses: actions/github-script@v7
        with:
          github-token: ${{github.token}}
          script: |
--- a/.github/workflows/generate-FOSSA-report.yml
+++ b/.github/workflows/generate-FOSSA-report.yml
@@ -16,12 +16,10 @@ jobs:
        id: check
        shell: bash
        run: |
-          if [ -n "${FOSSA_API_KEY}" ]; then
+          if [ -n "${{ (secrets.FOSSA_API_KEY != '' ) || '' }}" ]; then
            echo "has-secrets=1" >> "$GITHUB_OUTPUT"
          fi
        env:
          FOSSA_API_KEY: ${{ (secrets.FOSSA_API_KEY != '' ) || '' }}
  license_check:
    needs: config
    if: needs.config.outputs.has-secrets
@@ -29,12 +27,12 @@ jobs:
    runs-on: ubuntu-24.04
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
          submodules: recursive
      - name: Setup Java
-        uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5
+        uses: actions/setup-java@v4
        with:
          distribution: "temurin"
          java-version: "11"
--- a/.github/workflows/github-action-validator.yml
+++ b/.github/workflows/github-action-validator.yml
@@ -14,10 +14,10 @@ jobs:
    runs-on: ubuntu-24.04
    steps:
      - name: Checkout Repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@v4
      - name: Set up Node.js
-        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
+        uses: actions/setup-node@v4
        with:
          node-version: '20'
--- a/.github/workflows/issue_creation.yml
+++ b/.github/workflows/issue_creation.yml
@@ -17,7 +17,7 @@ jobs:
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
--- a/.github/workflows/labeler.yml
+++ b/.github/workflows/labeler.yml
@@ -9,7 +9,7 @@ jobs:
      pull-requests: write
    runs-on: ubuntu-24.04
    steps:
-    - uses: actions/labeler@v6
+    - uses: actions/labeler@v5
      with:
        sync-labels: true
--- a/.github/workflows/latest-release-tag.yml
+++ b/.github/workflows/latest-release-tag.yml
@@ -12,7 +12,7 @@ jobs:
    steps:
    - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      uses: actions/checkout@v4
      with:
        persist-credentials: false
        submodules: recursive
--- a/.github/workflows/license-check.yml
+++ b/.github/workflows/license-check.yml
@@ -15,12 +15,12 @@ jobs:
    runs-on: ubuntu-24.04
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
          submodules: recursive
      - name: Setup Java
-        uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5
+        uses: actions/setup-java@v4
        with:
          distribution: 'temurin'
          java-version: '11'
--- a/.github/workflows/no-hold-label.yml
+++ b/.github/workflows/no-hold-label.yml
@@ -4,9 +4,6 @@ on:
  pull_request:
    types: [labeled, unlabeled, opened, reopened, synchronize]
 permissions:
  pull-requests: read
 # cancel previous workflow jobs for PRs
 concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.run_id }}
@@ -17,7 +14,7 @@ jobs:
    runs-on: ubuntu-24.04
    steps:
    - name: Check for 'hold' label
-      uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
+      uses: actions/github-script@v7
      with:
        github-token: ${{secrets.GITHUB_TOKEN}}
        script: |
--- a/.github/workflows/pr-lint.yml
+++ b/.github/workflows/pr-lint.yml
@@ -16,7 +16,7 @@ jobs:
      pull-requests: write
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
          submodules: recursive
--- a/.github/workflows/pre-commit.yml
+++ b/.github/workflows/pre-commit.yml
@@ -8,9 +8,6 @@ on:
  pull_request:
    types: [synchronize, opened, reopened, ready_for_review]
 permissions:
  contents: read
 # cancel previous workflow jobs for PRs
 concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.run_id }}
@@ -24,7 +21,7 @@ jobs:
        python-version: ["current", "previous", "next"]
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
          submodules: recursive
@@ -42,7 +39,7 @@ jobs:
          echo "HOMEBREW_REPOSITORY=$HOMEBREW_REPOSITORY" >>"${GITHUB_ENV}"
          brew install norwoodj/tap/helm-docs
      - name: Setup Node.js
-        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
+        uses: actions/setup-node@v4
        with:
          node-version: '20'
@@ -57,32 +54,24 @@ jobs:
          yarn install --immutable
      - name: Cache pre-commit environments
-        uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5
+        uses: actions/cache@v4
        with:
          path: ~/.cache/pre-commit
          key: pre-commit-v2-${{ runner.os }}-py${{ matrix.python-version }}-${{ hashFiles('.pre-commit-config.yaml') }}
          restore-keys: |
            pre-commit-v2-${{ runner.os }}-py${{ matrix.python-version }}-
      - name: Get changed files
        id: changed_files
        uses: ./.github/actions/file-changes-action
        with:
          output: ' '
      - name: pre-commit
        run: |
          set +e  # Don't exit immediately on failure
-          export SKIP=type-checking-frontend
+          export SKIP=eslint-frontend,type-checking-frontend
-          pre-commit run --files ${{ steps.changed_files.outputs.files }}
+          pre-commit run --all-files
          PRE_COMMIT_EXIT_CODE=$?
          git diff --quiet --exit-code
          GIT_DIFF_EXIT_CODE=$?
          if [ "${PRE_COMMIT_EXIT_CODE}" -ne 0 ] || [ "${GIT_DIFF_EXIT_CODE}" -ne 0 ]; then
            if [ "${PRE_COMMIT_EXIT_CODE}" -ne 0 ]; then
-              echo "❌ Pre-commit check failed (exit code: ${PRE_COMMIT_EXIT_CODE})."
+              echo "❌ Pre-commit check failed (exit code: ${EXIT_CODE})."
              echo "🔍 Modified files:"
              git diff --name-only
            else
              echo "❌ Git working directory is dirty."
              echo "📌 This likely means that pre-commit made changes that were not committed."
--- a/.github/workflows/prefer-typescript.yml
+++ b/.github/workflows/prefer-typescript.yml
@@ -0,0 +1,70 @@
 name: Prefer TypeScript
 on:
  push:
    branches:
      - "master"
      - "[0-9].[0-9]*"
    paths:
      - "superset-frontend/src/**"
  pull_request:
    types: [synchronize, opened, reopened, ready_for_review]
    paths:
      - "superset-frontend/src/**"
 # cancel previous workflow jobs for PRs
 concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.run_id }}
  cancel-in-progress: true
 jobs:
  prefer_typescript:
    if: github.ref == 'ref/heads/master' && github.event_name == 'pull_request'
    name: Prefer TypeScript
    runs-on: ubuntu-24.04
    permissions:
      contents: read
      pull-requests: write
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
        uses: actions/checkout@v4
        with:
          persist-credentials: false
          submodules: recursive
      - name: Get changed files
        id: changed
        uses: ./.github/actions/file-changes-action
        with:
          githubToken: ${{ github.token }}
      - name: Determine if a .js or .jsx file was added
        id: check
        run: |
          js_files_added() {
            jq -r '
              map(
                select(
                  endswith(".js") or endswith(".jsx")
                )
              ) | join("\n")
            ' ${HOME}/files_added.json
          }
          echo "js_files_added=$(js_files_added)" >> $GITHUB_OUTPUT
      - if: steps.check.outputs.js_files_added
        name: Add Comment to PR
        uses: ./.github/actions/comment-on-pr
        continue-on-error: true
        env:
          GITHUB_TOKEN: ${{ github.token }}
        with:
          msg: |
            ### WARNING: Prefer TypeScript
            Looks like your PR contains new `.js` or `.jsx` files:
            ```
            ${{steps.check.outputs.js_files_added}}
            ```
            As decided in [SIP-36](https://github.com/apache/superset/issues/9101), all new frontend code should be written in TypeScript. Please convert above files to TypeScript then re-request review.
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -16,19 +16,17 @@ jobs:
        id: check
        shell: bash
        run: |
-          if [ -n "${NPM_TOKEN}" ]; then
+          if [ -n "${{ (secrets.NPM_TOKEN != '' && secrets.GH_PERSONAL_ACCESS_TOKEN != '') || '' }}" ]; then
            echo "has-secrets=1" >> "$GITHUB_OUTPUT"
          fi
        env:
          NPM_TOKEN: ${{ (secrets.NPM_TOKEN != '' && secrets.GH_PERSONAL_ACCESS_TOKEN != '') || '' }}
  build:
    needs: config
    if: needs.config.outputs.has-secrets
    name: Bump version and publish package(s)
    runs-on: ubuntu-24.04
    steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@v4
        with:
          # pulls all commits (needed for lerna / semantic release to correctly version)
          fetch-depth: 0
@@ -44,13 +42,13 @@ jobs:
      - name: Install Node.js
        if: env.HAS_TAGS
-        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
+        uses: actions/setup-node@v4
        with:
          node-version-file: './superset-frontend/.nvmrc'
      - name: Cache npm
        if: env.HAS_TAGS
-        uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5
+        uses: actions/cache@v4
        with:
          path: ~/.npm # npm cache files are stored in `~/.npm` on Linux/macOS
          key: ${{ runner.OS }}-node-${{ hashFiles('**/package-lock.json') }}
@@ -64,7 +62,7 @@ jobs:
        run: echo "dir=$(npm config get cache)" >> $GITHUB_OUTPUT
      - name: Cache npm
        if: env.HAS_TAGS
-        uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5
+        uses: actions/cache@v4
        id: npm-cache # use this to check for `cache-hit` (`steps.npm-cache.outputs.cache-hit != 'true'`)
        with:
          path: ${{ steps.npm-cache-dir-path.outputs.dir }}
--- a/.github/workflows/showtime-cleanup.yml
+++ b/.github/workflows/showtime-cleanup.yml
@@ -1,36 +0,0 @@
 name: 🎪 Showtime Cleanup
 # Scheduled cleanup of expired environments
 on:
  schedule:
    - cron: '0 */6 * * *'  # Every 6 hours
  # Manual trigger for testing
  workflow_dispatch:
 # Common environment variables
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
  AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
  AWS_REGION: ${{ vars.AWS_REGION || 'us-west-2' }}
  GITHUB_ORG: ${{ github.repository_owner }}
  GITHUB_REPO: ${{ github.event.repository.name }}
 jobs:
  cleanup-expired:
    name: Clean up expired showtime environments
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: write
    steps:
      - name: Install Superset Showtime
        run: pip install superset-showtime
      - name: Cleanup expired environments
        run: |
          echo "Cleaning up environments respecting TTL labels"
          python -m showtime cleanup --respect-ttl
--- a/.github/workflows/showtime-trigger.yml
+++ b/.github/workflows/showtime-trigger.yml
@@ -1,183 +0,0 @@
 name: 🎪 Superset Showtime
 # Ultra-simple: just sync on any PR state change
 on:
  pull_request_target:
    types: [labeled, unlabeled, synchronize, closed]
  # Manual testing
  workflow_dispatch:
    inputs:
      pr_number:
        description: 'PR number to sync'
        required: true
        type: number
      sha:
        description: 'Specific SHA to deploy (optional, defaults to latest)'
        required: false
        type: string
 # Common environment variables for all jobs (non-sensitive only)
 env:
  AWS_REGION: us-west-2
  GITHUB_ORG: ${{ github.repository_owner }}
  GITHUB_REPO: ${{ github.event.repository.name }}
  GITHUB_ACTOR: ${{ github.actor }}
 jobs:
  sync:
    name: 🎪 Sync PR to desired state
    runs-on: ubuntu-latest
    timeout-minutes: 90
    permissions:
      contents: read
      pull-requests: write
    steps:
      - name: Security Check - Authorize Maintainers Only
        id: auth
        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          script: |
            const actor = context.actor;
            console.log(`🔍 Checking authorization for ${actor}`);
            // Early exit for workflow_dispatch - assume authorized since it's manually triggered
            if (context.eventName === 'workflow_dispatch') {
              console.log(`✅ Workflow dispatch event - assuming authorized for ${actor}`);
              core.setOutput('authorized', 'true');
              return;
            }
            const { data: permission } = await github.rest.repos.getCollaboratorPermissionLevel({
              owner: context.repo.owner,
              repo: context.repo.repo,
              username: actor
            });
            console.log(`📊 Permission level for ${actor}: ${permission.permission}`);
            const authorized = ['write', 'admin'].includes(permission.permission);
            // If this is a synchronize event from unauthorized user, check if Showtime is active and set blocked label
            if (!authorized && context.eventName === 'pull_request_target' && context.payload.action === 'synchronize') {
              console.log(`🔒 Synchronize event detected - checking if Showtime is active`);
              // Check if PR has any circus tent labels (Showtime is in use)
              const { data: issue } = await github.rest.issues.get({
                owner: context.repo.owner,
                repo: context.repo.repo,
                issue_number: context.payload.pull_request.number
              });
              const hasCircusLabels = issue.labels.some(label => label.name.startsWith('🎪 '));
              if (hasCircusLabels) {
                console.log(`🎪 Circus labels found - setting blocked label to prevent auto-deployment`);
                await github.rest.issues.addLabels({
                  owner: context.repo.owner,
                  repo: context.repo.repo,
                  issue_number: context.payload.pull_request.number,
                  labels: ['🎪 🔒 showtime-blocked']
                });
                console.log(`✅ Blocked label set - Showtime will detect and skip operations`);
              } else {
                console.log(`ℹ️ No circus labels found - Showtime not in use, skipping block`);
              }
            }
            if (!authorized) {
              console.log(`🚨 Unauthorized user ${actor} - skipping all operations`);
              core.setOutput('authorized', 'false');
              return;
            }
            console.log(`✅ Authorized maintainer: ${actor}`);
            core.setOutput('authorized', 'true');
      - name: Install Superset Showtime
        if: steps.auth.outputs.authorized == 'true'
        run: |
          echo "::notice::Maintainer ${{ github.actor }} triggered deploy for PR ${PULL_REQUEST_NUMBER}"
          pip install --upgrade superset-showtime
          showtime version
        env:
          PULL_REQUEST_NUMBER: ${{ github.event.pull_request.number || github.event.inputs.pr_number }}
      - name: Check what actions are needed
        if: steps.auth.outputs.authorized == 'true'
        id: check
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          INPUT_PR_NUMBER: ${{ github.event.inputs.pr_number }}
          INPUT_SHA: ${{ github.event.inputs.sha }}
        run: |
          # Bulletproof PR number extraction
          if [[ -n "${{ github.event.pull_request.number }}" ]]; then
            PR_NUM="${{ github.event.pull_request.number }}"
          elif [[ -n "${INPUT_PR_NUMBER}" ]]; then
            PR_NUM="${INPUT_PR_NUMBER}"
          else
            echo "❌ No PR number found in event or inputs"
            exit 1
          fi
          echo "Using PR number: $PR_NUM"
          # Run sync check-only with optional SHA override
          if [[ -n "${INPUT_SHA}" ]]; then
            OUTPUT=$(python -m showtime sync $PR_NUM --check-only --sha "${INPUT_SHA}")
          else
            OUTPUT=$(python -m showtime sync $PR_NUM --check-only)
          fi
          echo "$OUTPUT"
          # Extract the outputs we need for conditional steps
          BUILD=$(echo "$OUTPUT" | grep "build_needed=" | cut -d'=' -f2)
          SYNC=$(echo "$OUTPUT" | grep "sync_needed=" | cut -d'=' -f2)
          PR_NUM_OUT=$(echo "$OUTPUT" | grep "pr_number=" | cut -d'=' -f2)
          TARGET_SHA=$(echo "$OUTPUT" | grep "target_sha=" | cut -d'=' -f2)
          echo "build_needed=$BUILD" >> $GITHUB_OUTPUT
          echo "sync_needed=$SYNC" >> $GITHUB_OUTPUT
          echo "pr_number=$PR_NUM_OUT" >> $GITHUB_OUTPUT
          echo "target_sha=$TARGET_SHA" >> $GITHUB_OUTPUT
      - name: Checkout PR code (only if build needed)
        if: steps.auth.outputs.authorized == 'true' && steps.check.outputs.build_needed == 'true'
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          ref: ${{ steps.check.outputs.target_sha }}
          persist-credentials: false
      - name: Setup Docker Environment (only if build needed)
        if: steps.auth.outputs.authorized == 'true' && steps.check.outputs.build_needed == 'true'
        uses: ./.github/actions/setup-docker
        with:
          dockerhub-user: ${{ secrets.DOCKERHUB_USER }}
          dockerhub-token: ${{ secrets.DOCKERHUB_TOKEN }}
          build: "true"
          install-docker-compose: "false"
      - name: Execute sync (handles everything)
        if: steps.auth.outputs.authorized == 'true' && steps.check.outputs.sync_needed == 'true'
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          DOCKERHUB_USER: ${{ secrets.DOCKERHUB_USER }}
          DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
        run: |
          PR_NUM="${{ steps.check.outputs.pr_number }}"
          TARGET_SHA="${{ steps.check.outputs.target_sha }}"
          if [[ -n "$TARGET_SHA" ]]; then
            python -m showtime sync $PR_NUM --sha "$TARGET_SHA"
          else
            python -m showtime sync $PR_NUM
          fi
--- a/.github/workflows/superset-app-cli.yml
+++ b/.github/workflows/superset-app-cli.yml
@@ -1,67 +0,0 @@
 name: Superset App CLI tests
 on:
  push:
    branches:
      - "master"
      - "[0-9].[0-9]*"
  pull_request:
    types: [synchronize, opened, reopened, ready_for_review]
 # cancel previous workflow jobs for PRs
 concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.run_id }}
  cancel-in-progress: true
 jobs:
  test-load-examples:
    runs-on: ubuntu-24.04
    env:
      PYTHONPATH: ${{ github.workspace }}
      SUPERSET_CONFIG: tests.integration_tests.superset_test_config
      REDIS_PORT: 16379
      SUPERSET__SQLALCHEMY_DATABASE_URI: postgresql+psycopg2://superset:superset@127.0.0.1:15432/superset
    services:
      postgres:
        image: postgres:17-alpine
        env:
          POSTGRES_USER: superset
          POSTGRES_PASSWORD: superset
        ports:
          # Use custom ports for services to avoid accidentally connecting to
          # GitHub action runner's default installations
          - 15432:5432
      redis:
        image: redis:7-alpine
        ports:
          - 16379:6379
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false
          submodules: recursive
      - name: Check for file changes
        id: check
        uses: ./.github/actions/change-detector/
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
      - name: Setup Python
        if: steps.check.outputs.python
        uses: ./.github/actions/setup-backend/
      - name: Setup Postgres
        if: steps.check.outputs.python
        uses: ./.github/actions/cached-dependencies
        with:
          run: setup-postgres
      - name: superset init
        if: steps.check.outputs.python
        run: |
          pip install -e .
          superset db upgrade
          superset load_test_users
      - name: superset load_examples
        if: steps.check.outputs.python
        run: |
          # load examples without test data
          superset load_examples --load-big-data
--- a/.github/workflows/superset-applitool-cypress.yml
+++ b/.github/workflows/superset-applitool-cypress.yml
@@ -0,0 +1,91 @@
 name: Applitools Cypress
 on:
  schedule:
    - cron: "0 1 * * *"
 jobs:
  config:
    runs-on: ubuntu-24.04
    outputs:
      has-secrets: ${{ steps.check.outputs.has-secrets }}
    steps:
      - name: "Check for secrets"
        id: check
        shell: bash
        run: |
          if [ -n "${{ (secrets.APPLITOOLS_API_KEY != '' && secrets.APPLITOOLS_API_KEY != '') || '' }}" ]; then
            echo "has-secrets=1" >> "$GITHUB_OUTPUT"
          fi
  cypress-applitools:
    needs: config
    if: needs.config.outputs.has-secrets
    runs-on: ubuntu-24.04
    strategy:
      fail-fast: false
      matrix:
        browser: ["chrome"]
    env:
      SUPERSET_ENV: development
      SUPERSET_CONFIG: tests.integration_tests.superset_test_config
      SUPERSET__SQLALCHEMY_DATABASE_URI: postgresql+psycopg2://superset:superset@127.0.0.1:15432/superset
      PYTHONPATH: ${{ github.workspace }}
      REDIS_PORT: 16379
      GITHUB_TOKEN: ${{ github.token }}
      APPLITOOLS_APP_NAME: Superset
      APPLITOOLS_API_KEY: ${{ secrets.APPLITOOLS_API_KEY }}
      APPLITOOLS_BATCH_ID: ${{ github.sha }}
      APPLITOOLS_BATCH_NAME: Superset Cypress
    services:
      postgres:
        image: postgres:16-alpine
        env:
          POSTGRES_USER: superset
          POSTGRES_PASSWORD: superset
        ports:
          - 15432:5432
      redis:
        image: redis:7-alpine
        ports:
          - 16379:6379
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
        uses: actions/checkout@v4
        with:
          persist-credentials: false
          submodules: recursive
          ref: master
      - name: Setup Python
        uses: ./.github/actions/setup-backend/
      - name: Import test data
        uses: ./.github/actions/cached-dependencies
        with:
          run: testdata
      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version-file: './superset-frontend/.nvmrc'
      - name: Install npm dependencies
        uses: ./.github/actions/cached-dependencies
        with:
          run: npm-install
      - name: Build javascript packages
        uses: ./.github/actions/cached-dependencies
        with:
          run: build-instrumented-assets
      - name: Setup Postgres
        if: steps.check.outcome == 'failure'
        uses: ./.github/actions/cached-dependencies
        with:
          run: setup-postgres
      - name: Install cypress
        uses: ./.github/actions/cached-dependencies
        with:
          run: cypress-install
      - name: Run Cypress
        uses: ./.github/actions/cached-dependencies
        env:
          CYPRESS_BROWSER: ${{ matrix.browser }}
        with:
          run: cypress-run-applitools
--- a/.github/workflows/superset-applitools-storybook.yml
+++ b/.github/workflows/superset-applitools-storybook.yml
@@ -0,0 +1,52 @@
 name: Applitools Storybook
 on:
  schedule:
    - cron: "0 0 * * *"
 env:
  APPLITOOLS_APP_NAME: Superset
  APPLITOOLS_API_KEY: ${{ secrets.APPLITOOLS_API_KEY }}
  APPLITOOLS_BATCH_ID: ${{ github.sha }}
  APPLITOOLS_BATCH_NAME: Superset Storybook
 jobs:
  config:
    runs-on: ubuntu-24.04
    outputs:
      has-secrets: ${{ steps.check.outputs.has-secrets }}
    steps:
      - name: "Check for secrets"
        id: check
        shell: bash
        run: |
          if [ -n "${{ (secrets.APPLITOOLS_API_KEY != '' && secrets.APPLITOOLS_API_KEY != '') || '' }}" ]; then
            echo "has-secrets=1" >> "$GITHUB_OUTPUT"
          fi
  cron:
    needs: config
    if: needs.config.outputs.has-secrets
    runs-on: ubuntu-24.04
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
        uses: actions/checkout@v4
        with:
          persist-credentials: false
          submodules: recursive
          ref: master
      - name: Set up Node.js
        uses: actions/setup-node@v4
        with:
          node-version-file: './superset-frontend/.nvmrc'
      - name: Install eyes-storybook dependencies
        uses: ./.github/actions/cached-dependencies
        with:
          run: eyes-storybook-dependencies
      - name: Install NPM dependencies
        uses: ./.github/actions/cached-dependencies
        with:
          run: npm-install
      - name: Run Applitools Eyes-Storybook
        working-directory: ./superset-frontend
        run: npx eyes-storybook -u https://superset-storybook.netlify.app/
--- a/.github/workflows/superset-cli.yml
+++ b/.github/workflows/superset-cli.yml
@@ -0,0 +1,67 @@
 name: Superset CLI tests
 on:
  push:
    branches:
      - "master"
      - "[0-9].[0-9]*"
  pull_request:
    types: [synchronize, opened, reopened, ready_for_review]
 # cancel previous workflow jobs for PRs
 concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.run_id }}
  cancel-in-progress: true
 jobs:
  test-load-examples:
    runs-on: ubuntu-24.04
    env:
      PYTHONPATH: ${{ github.workspace }}
      SUPERSET_CONFIG: tests.integration_tests.superset_test_config
      REDIS_PORT: 16379
      SUPERSET__SQLALCHEMY_DATABASE_URI: postgresql+psycopg2://superset:superset@127.0.0.1:15432/superset
    services:
      postgres:
        image: postgres:16-alpine
        env:
          POSTGRES_USER: superset
          POSTGRES_PASSWORD: superset
        ports:
          # Use custom ports for services to avoid accidentally connecting to
          # GitHub action runner's default installations
          - 15432:5432
      redis:
        image: redis:7-alpine
        ports:
          - 16379:6379
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
        uses: actions/checkout@v4
        with:
          persist-credentials: false
          submodules: recursive
      - name: Check for file changes
        id: check
        uses: ./.github/actions/change-detector/
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
      - name: Setup Python
        if: steps.check.outputs.python
        uses: ./.github/actions/setup-backend/
      - name: Setup Postgres
        if: steps.check.outputs.python
        uses: ./.github/actions/cached-dependencies
        with:
          run: setup-postgres
      - name: superset init
        if: steps.check.outputs.python
        run: |
          pip install -e .
          superset db upgrade
          superset load_test_users
      - name: superset load_examples
        if: steps.check.outputs.python
        run: |
          # load examples without test data
          superset load_examples --load-big-data
--- a/.github/workflows/superset-docs-deploy.yml
+++ b/.github/workflows/superset-docs-deploy.yml
@@ -1,13 +1,6 @@
 name: Docs Deployment
 on:
  # Deploy after integration tests complete on master
  workflow_run:
    workflows: ["Python-Integration"]
    types: [completed]
    branches: [master]
  # Also allow manual trigger and direct pushes to docs
  push:
    paths:
      - "docs/**"
@@ -27,31 +20,28 @@ jobs:
        id: check
        shell: bash
        run: |
-          if [ -n "${SUPERSET_SITE_BUILD}" ]; then
+          if [ -n "${{ (secrets.SUPERSET_SITE_BUILD != '' && secrets.SUPERSET_SITE_BUILD != '') || '' }}" ]; then
            echo "has-secrets=1" >> "$GITHUB_OUTPUT"
          fi
        env:
          SUPERSET_SITE_BUILD: ${{ (secrets.SUPERSET_SITE_BUILD != '' && secrets.SUPERSET_SITE_BUILD != '') || '' }}
  build-deploy:
    needs: config
    if: needs.config.outputs.has-secrets
    name: Build & Deploy
    runs-on: ubuntu-24.04
    steps:
-      - name: "Checkout ${{ github.event.workflow_run.head_sha || github.sha }}"
+      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@v4
        with:
          ref: ${{ github.event.workflow_run.head_sha || github.sha }}
          persist-credentials: false
          submodules: recursive
      - name: Set up Node.js
-        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
+        uses: actions/setup-node@v4
        with:
          node-version-file: './docs/.nvmrc'
      - name: Setup Python
        uses: ./.github/actions/setup-backend/
-      - uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5
+      - uses: actions/setup-java@v4
        with:
          distribution: 'zulu'
          java-version: '21'
@@ -68,35 +58,6 @@ jobs:
        working-directory: docs
        run: |
          yarn install --check-cache
      - name: Download database diagnostics (if triggered by integration tests)
        if: github.event_name == 'workflow_run' && github.event.workflow_run.conclusion == 'success'
        uses: dawidd6/action-download-artifact@b6e2e70617bc3265edd6dab6c906732b2f1ae151 # v21
        continue-on-error: true
        with:
          workflow: superset-python-integrationtest.yml
          run_id: ${{ github.event.workflow_run.id }}
          name: database-diagnostics
          path: docs/src/data/
      - name: Try to download latest diagnostics (for push/dispatch triggers)
        if: github.event_name != 'workflow_run'
        uses: dawidd6/action-download-artifact@b6e2e70617bc3265edd6dab6c906732b2f1ae151 # v21
        continue-on-error: true
        with:
          workflow: superset-python-integrationtest.yml
          name: database-diagnostics
          path: docs/src/data/
          branch: master
          search_artifacts: true
          if_no_artifact_found: warn
      - name: Use diagnostics artifact if available
        working-directory: docs
        run: |
          if [ -f "src/data/databases-diagnostics.json" ]; then
            echo "Using fresh diagnostics from integration tests"
            mv src/data/databases-diagnostics.json src/data/databases.json
          else
            echo "Using committed databases.json (no artifact found)"
          fi
      - name: yarn build
        working-directory: docs
        run: |
@@ -110,5 +71,5 @@ jobs:
          destination-github-username: "apache"
          destination-repository-name: "superset-site"
          target-branch: "asf-site"
-          commit-message: "deploying docs: ${{ github.event.head_commit.message || 'triggered by integration tests' }} (apache/superset@${{ github.event.workflow_run.head_sha || github.sha }})"
+          commit-message: "deploying docs: ${{ github.event.head_commit.message }} (apache/superset@${{ github.sha }})"
          user-email: dev@superset.apache.org
--- a/.github/workflows/superset-docs-verify.yml
+++ b/.github/workflows/superset-docs-verify.yml
@@ -4,37 +4,29 @@ on:
  pull_request:
    paths:
      - "docs/**"
      - "superset/db_engine_specs/**"
      - ".github/workflows/superset-docs-verify.yml"
    types: [synchronize, opened, reopened, ready_for_review]
  workflow_run:
    workflows: ["Python-Integration"]
    types: [completed]
 # cancel previous workflow jobs for PRs
 concurrency:
-  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.event.workflow_run.head_sha || github.run_id }}
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.run_id }}
  cancel-in-progress: true
 jobs:
  linkinator:
    # See docs here: https://github.com/marketplace/actions/linkinator
    # Only run on pull_request, not workflow_run
    if: github.event_name == 'pull_request'
    name: Link Checking
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@v4
      # Do not bump this linkinator-action version without opening
      # an ASF Infra ticket to allow the new version first!
-      - uses: JustinBeckwith/linkinator-action@af984b9f30f63e796ae2ea5be5e07cb587f1bbd9  # v2.3
+      - uses: JustinBeckwith/linkinator-action@v1.11.0
        continue-on-error: true # This will make the job advisory (non-blocking, no red X)
        with:
-          paths: "**/*.md, **/*.mdx"
+          paths: "**/*.md, **/*.mdx, !superset-frontend/CHANGELOG.md"
          linksToSkip: >-
-            ^https://github.com/apache/(superset|incubator-superset)/(pull|issues)/\d+,
+            ^https://github.com/apache/(superset|incubator-superset)/(pull|issue)/\d+,
            ^https://github.com/apache/(superset|incubator-superset)/commit/[a-f0-9]+,
            superset-frontend/.*CHANGELOG\.md,
            http://localhost:8088/,
            http://127.0.0.1:3000/,
            http://localhost:9001/,
@@ -49,30 +41,27 @@ jobs:
            http://theiconic.com.au/,
            https://dev.mysql.com/doc/refman/5.7/en/innodb-limits.html,
            ^https://img\.shields\.io/.*,
-            https://vkusvill.ru/,
+            https://vkusvill.ru/
-            https://www.linkedin.com/in/mark-thomas-b16751158/,
+            https://www.linkedin.com/in/mark-thomas-b16751158/
-            https://theiconic.com.au/,
+            https://theiconic.com.au/
-            https://wattbewerb.de/,
+            https://wattbewerb.de/
-            https://timbr.ai/,
+            https://timbr.ai/
-            https://opensource.org/license/apache-2-0,
+            https://opensource.org/license/apache-2-0
            https://www.plaidcloud.com/
-
+  build-deploy:
-  build-on-pr:
+    name: Build & Deploy
    # Build docs when PR changes docs/** (uses committed databases.json)
    if: github.event_name == 'pull_request'
    name: Build (PR trigger)
    runs-on: ubuntu-24.04
    defaults:
      run:
        working-directory: docs
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
          submodules: recursive
      - name: Set up Node.js
-        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
+        uses: actions/setup-node@v4
        with:
          node-version-file: './docs/.nvmrc'
      - name: yarn install
@@ -84,51 +73,3 @@ jobs:
      - name: yarn build
        run: |
          yarn build
  build-after-tests:
    # Build docs after integration tests complete (uses fresh diagnostics)
    # Only runs if integration tests succeeded
    if: >
      github.event_name == 'workflow_run' &&
      github.event.workflow_run.conclusion == 'success'
    name: Build (after integration tests)
    runs-on: ubuntu-24.04
    defaults:
      run:
        working-directory: docs
    steps:
      - name: "Checkout PR head: ${{ github.event.workflow_run.head_sha }}"
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          ref: ${{ github.event.workflow_run.head_sha }}
          persist-credentials: false
          submodules: recursive
      - name: Set up Node.js
        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
        with:
          node-version-file: './docs/.nvmrc'
      - name: yarn install
        run: |
          yarn install --check-cache
      - name: Download database diagnostics from integration tests
        uses: dawidd6/action-download-artifact@b6e2e70617bc3265edd6dab6c906732b2f1ae151 # v21
        with:
          workflow: superset-python-integrationtest.yml
          run_id: ${{ github.event.workflow_run.id }}
          name: database-diagnostics
          path: docs/src/data/
          if_no_artifact_found: 'warning'
      - name: Use fresh diagnostics
        run: |
          if [ -f "src/data/databases-diagnostics.json" ]; then
            echo "Using fresh diagnostics from integration tests"
            mv src/data/databases-diagnostics.json src/data/databases.json
          else
            echo "Warning: No diagnostics artifact found, using committed data"
          fi
      - name: yarn typecheck
        run: |
          yarn typecheck
      - name: yarn build
        run: |
          yarn build
--- a/.github/workflows/superset-e2e.yml
+++ b/.github/workflows/superset-e2e.yml
@@ -54,7 +54,7 @@ jobs:
      USE_DASHBOARD: ${{ github.event.inputs.use_dashboard == 'true' || 'false' }}
    services:
      postgres:
-        image: postgres:17-alpine
+        image: postgres:16-alpine
        env:
          POSTGRES_USER: superset
          POSTGRES_PASSWORD: superset
@@ -69,21 +69,21 @@ jobs:
      # Conditional checkout based on context
      - name: Checkout for push or pull_request event
        if: github.event_name == 'push' || github.event_name == 'pull_request'
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
          submodules: recursive
          ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }}
      - name: Checkout using ref (workflow_dispatch)
        if: github.event_name == 'workflow_dispatch' && github.event.inputs.ref != ''
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
          ref: ${{ github.event.inputs.ref }}
          submodules: recursive
      - name: Checkout using PR ID (workflow_dispatch)
        if: github.event_name == 'workflow_dispatch' && github.event.inputs.pr_id != ''
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
          ref: refs/pull/${{ github.event.inputs.pr_id }}/merge
@@ -109,7 +109,7 @@ jobs:
          run: testdata
      - name: Setup Node.js
        if: steps.check.outputs.python || steps.check.outputs.frontend
-        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
+        uses: actions/setup-node@v4
        with:
          node-version-file: './superset-frontend/.nvmrc'
      - name: Install npm dependencies
@@ -146,123 +146,8 @@ jobs:
          SAFE_APP_ROOT=${APP_ROOT//\//_}
          echo "safe_app_root=$SAFE_APP_ROOT" >> $GITHUB_OUTPUT
      - name: Upload Artifacts
-        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
+        uses: actions/upload-artifact@v4
        if: failure()
        with:
          path: ${{ github.workspace }}/superset-frontend/cypress-base/cypress/screenshots
          name: cypress-artifact-${{ github.run_id }}-${{ github.job }}-${{ matrix.browser }}-${{ matrix.parallel_id }}--${{ steps.set-safe-app-root.outputs.safe_app_root }}
  playwright-tests:
    runs-on: ubuntu-22.04
    permissions:
      contents: read
      pull-requests: read
    strategy:
      fail-fast: false
      matrix:
        browser: ["chromium"]
        app_root: ["", "/app/prefix"]
    env:
      SUPERSET_ENV: development
      SUPERSET_CONFIG: tests.integration_tests.superset_test_config
      SUPERSET__SQLALCHEMY_DATABASE_URI: postgresql+psycopg2://superset:superset@127.0.0.1:15432/superset
      PYTHONPATH: ${{ github.workspace }}
      REDIS_PORT: 16379
      GITHUB_TOKEN: ${{ github.token }}
    services:
      postgres:
        image: postgres:17-alpine
        env:
          POSTGRES_USER: superset
          POSTGRES_PASSWORD: superset
        ports:
          - 15432:5432
      redis:
        image: redis:7-alpine
        ports:
          - 16379:6379
    steps:
      # -------------------------------------------------------
      # Conditional checkout based on context (same as Cypress workflow)
      - name: Checkout for push or pull_request event
        if: github.event_name == 'push' || github.event_name == 'pull_request'
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false
          submodules: recursive
          ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }}
      - name: Checkout using ref (workflow_dispatch)
        if: github.event_name == 'workflow_dispatch' && github.event.inputs.ref != ''
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false
          ref: ${{ github.event.inputs.ref }}
          submodules: recursive
      - name: Checkout using PR ID (workflow_dispatch)
        if: github.event_name == 'workflow_dispatch' && github.event.inputs.pr_id != ''
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false
          ref: refs/pull/${{ github.event.inputs.pr_id }}/merge
          submodules: recursive
      # -------------------------------------------------------
      - name: Check for file changes
        id: check
        uses: ./.github/actions/change-detector/
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
      - name: Setup Python
        uses: ./.github/actions/setup-backend/
        if: steps.check.outputs.python || steps.check.outputs.frontend
      - name: Setup postgres
        if: steps.check.outputs.python || steps.check.outputs.frontend
        uses: ./.github/actions/cached-dependencies
        with:
          run: setup-postgres
      - name: Import test data
        if: steps.check.outputs.python || steps.check.outputs.frontend
        uses: ./.github/actions/cached-dependencies
        with:
          run: playwright_testdata
      - name: Setup Node.js
        if: steps.check.outputs.python || steps.check.outputs.frontend
        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
        with:
          node-version-file: './superset-frontend/.nvmrc'
      - name: Install npm dependencies
        if: steps.check.outputs.python || steps.check.outputs.frontend
        uses: ./.github/actions/cached-dependencies
        with:
          run: npm-install
      - name: Build javascript packages
        if: steps.check.outputs.python || steps.check.outputs.frontend
        uses: ./.github/actions/cached-dependencies
        with:
          run: build-instrumented-assets
      - name: Install Playwright
        if: steps.check.outputs.python || steps.check.outputs.frontend
        uses: ./.github/actions/cached-dependencies
        with:
          run: playwright-install
      - name: Run Playwright (Required Tests)
        if: steps.check.outputs.python || steps.check.outputs.frontend
        uses: ./.github/actions/cached-dependencies
        env:
          NODE_OPTIONS: "--max-old-space-size=4096"
        with:
          run: playwright-run "${{ matrix.app_root }}"
      - name: Set safe app root
        if: failure()
        id: set-safe-app-root
        run: |
          APP_ROOT="${{ matrix.app_root }}"
          SAFE_APP_ROOT=${APP_ROOT//\//_}
          echo "safe_app_root=$SAFE_APP_ROOT" >> $GITHUB_OUTPUT
      - name: Upload Playwright Artifacts
        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
        if: failure()
        with:
          path: |
            ${{ github.workspace }}/superset-frontend/playwright-results/
            ${{ github.workspace }}/superset-frontend/test-results/
          name: playwright-artifact-${{ github.run_id }}-${{ github.job }}-${{ matrix.browser }}--${{ steps.set-safe-app-root.outputs.safe_app_root }}
--- a/.github/workflows/superset-extensions-cli.yml
+++ b/.github/workflows/superset-extensions-cli.yml
@@ -1,64 +0,0 @@
 name: Superset Extensions CLI Package Tests
 on:
  push:
    branches:
      - "master"
      - "[0-9].[0-9]*"
  pull_request:
    types: [synchronize, opened, reopened, ready_for_review]
 # cancel previous workflow jobs for PRs
 concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.run_id }}
  cancel-in-progress: true
 jobs:
  test-superset-extensions-cli-package:
    runs-on: ubuntu-24.04
    strategy:
      matrix:
        python-version: ["previous", "current", "next"]
    defaults:
      run:
        working-directory: superset-extensions-cli
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false
          submodules: recursive
      - name: Check for file changes
        id: check
        uses: ./.github/actions/change-detector/
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
      - name: Setup Python
        if: steps.check.outputs.superset-extensions-cli
        uses: ./.github/actions/setup-backend/
        with:
          python-version: ${{ matrix.python-version }}
          requirements-type: dev
      - name: Run pytest with coverage
        if: steps.check.outputs.superset-extensions-cli
        run: |
          pytest --cov=superset_extensions_cli --cov-report=xml --cov-report=term-missing --cov-report=html -v --tb=short
      - name: Upload coverage reports to Codecov
        if: steps.check.outputs.superset-extensions-cli
        uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v5
        with:
          file: ./coverage.xml
          flags: superset-extensions-cli
          name: superset-extensions-cli-coverage
          fail_ci_if_error: false
      - name: Upload HTML coverage report
        if: steps.check.outputs.superset-extensions-cli
        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
        with:
          name: superset-extensions-cli-coverage-html
          path: htmlcov/
--- a/.github/workflows/superset-frontend.yml
+++ b/.github/workflows/superset-frontend.yml
@@ -23,7 +23,7 @@ jobs:
      should-run: ${{ steps.check.outputs.frontend }}
    steps:
      - name: Checkout Code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
          fetch-depth: 0
@@ -47,21 +47,21 @@ jobs:
          git show -s --format=raw HEAD
          docker buildx build \
            -t $TAG \
-            --cache-from=type=registry,ref=apache/superset-cache:3.10-slim-trixie \
+            --cache-from=type=registry,ref=apache/superset-cache:3.10-slim-bookworm \
            --target superset-node-ci \
            .
      - name: Save Docker Image as Artifact
        if: steps.check.outputs.frontend
        run: |
-          docker save $TAG | zstd -3 --threads=0 > docker-image.tar.zst
+          docker save $TAG | gzip > docker-image.tar.gz
      - name: Upload Docker Image Artifact
        if: steps.check.outputs.frontend
-        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
+        uses: actions/upload-artifact@v4
        with:
          name: docker-image
-          path: docker-image.tar.zst
+          path: docker-image.tar.gz
  sharded-jest-tests:
    needs: frontend-build
@@ -73,13 +73,12 @@ jobs:
    runs-on: ubuntu-24.04
    steps:
      - name: Download Docker Image Artifact
-        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8
+        uses: actions/download-artifact@v4
        with:
          name: docker-image
      - name: Load Docker Image
-        run: |
+        run: docker load < docker-image.tar.gz
          zstd -d < docker-image.tar.zst | docker load
      - name: npm run test with coverage
        run: |
@@ -88,10 +87,10 @@ jobs:
          -v ${{ github.workspace }}/superset-frontend/coverage:/app/superset-frontend/coverage \
          --rm $TAG \
          bash -c \
-          "npm run test -- --coverage --shard=${{ matrix.shard }}/8 --coverageReporters=json"
+          "npm run test -- --coverage --shard=${{ matrix.shard }}/8 --coverageReporters=json-summary"
      - name: Upload Coverage Artifact
-        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
+        uses: actions/upload-artifact@v4
        with:
          name: coverage-artifacts-${{ matrix.shard }}
          path: superset-frontend/coverage
@@ -100,40 +99,25 @@ jobs:
    needs: [sharded-jest-tests]
    if: needs.frontend-build.outputs.should-run == 'true'
    runs-on: ubuntu-24.04
    permissions:
      id-token: write
    steps:
      - name: Checkout Code
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false
          fetch-depth: 0
          ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }}
      - name: Download Coverage Artifacts
-        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8
+        uses: actions/download-artifact@v4
        with:
          pattern: coverage-artifacts-*
          path: coverage/
-      - name: Reorganize test result reports
+      - name: Show Files
-        run: |
+        run: find coverage/
          find coverage/
          for i in {1..8}; do
            mv coverage/coverage-artifacts-${i}/coverage-final.json coverage/coverage-shard-${i}.json
          done
        shell: bash
      - name: Merge Code Coverage
        run: npx nyc merge coverage/ merged-output/coverage-summary.json
      - name: Upload Code Coverage
-        uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v5
+        uses: codecov/codecov-action@v5
        with:
          flags: javascript
-          use_oidc: true
+          token: ${{ secrets.CODECOV_TOKEN }}
          verbose: true
          disable_search: true
          files: merged-output/coverage-summary.json
          slug: apache/superset
@@ -143,23 +127,23 @@ jobs:
    runs-on: ubuntu-24.04
    steps:
      - name: Download Docker Image Artifact
-        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8
+        uses: actions/download-artifact@v4
        with:
          name: docker-image
      - name: Load Docker Image
        run: |
-          zstd -d < docker-image.tar.zst | docker load
+          docker load < docker-image.tar.gz
-      - name: lint
+      - name: eslint
        run: |
          docker run --rm $TAG bash -c \
-          "npm i && npm run lint"
+          "npm i && npm run eslint -- . --quiet"
      - name: tsc
        run: |
          docker run --rm $TAG bash -c \
-          "npm i && npm run plugins:build && npm run type"
+          "npm run type"
  validate-frontend:
    needs: frontend-build
@@ -167,34 +151,19 @@ jobs:
    runs-on: ubuntu-24.04
    steps:
      - name: Download Docker Image Artifact
-        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8
+        uses: actions/download-artifact@v4
        with:
          name: docker-image
      - name: Load Docker Image
-        run: |
+        run: docker load < docker-image.tar.gz
          zstd -d < docker-image.tar.zst | docker load
      - name: Build Plugins Packages
        run: |
          docker run --rm $TAG bash -c \
          "npm run plugins:build"
-  test-storybook:
+      - name: Build Plugins Storybook
    needs: frontend-build
    if: needs.frontend-build.outputs.should-run == 'true'
    runs-on: ubuntu-24.04
    steps:
      - name: Download Docker Image Artifact
        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8
        with:
          name: docker-image
      - name: Load Docker Image
        run: |
          zstd -d < docker-image.tar.zst | docker load
      - name: Build Storybook and Run Tests
        run: |
          docker run --rm $TAG bash -c \
-          "npm run build-storybook && npx playwright install-deps && npx playwright install chromium && npm run test-storybook:ci"
+          "npm run plugins:build-storybook"
--- a/.github/workflows/superset-helm-lint.yml
+++ b/.github/workflows/superset-helm-lint.yml
@@ -16,14 +16,14 @@ jobs:
    runs-on: ubuntu-24.04
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
          submodules: recursive
          fetch-depth: 0
      - name: Set up Helm
-        uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2 # v5.0.0
+        uses: azure/setup-helm@v4
        with:
          version: v3.16.4
--- a/.github/workflows/superset-helm-release.yml
+++ b/.github/workflows/superset-helm-release.yml
@@ -29,7 +29,7 @@ jobs:
    steps:
      - name: Checkout code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@v4
        with:
          ref: ${{ inputs.ref || github.ref_name }}
          persist-credentials: true
@@ -42,7 +42,7 @@ jobs:
          git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
      - name: Install Helm
-        uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2 # v5.0.0
+        uses: azure/setup-helm@v4
        with:
          version: v3.5.4
@@ -101,7 +101,7 @@ jobs:
          CR_RELEASE_NAME_TEMPLATE: "superset-helm-chart-{{ .Version }}"
      - name: Open Pull Request
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
+        uses: actions/github-script@v7
        with:
          script: |
            const branchName = '${{ env.branch_name }}';
--- a/.github/workflows/superset-playwright.yml
+++ b/.github/workflows/superset-playwright.yml
@@ -1,142 +0,0 @@
 name: Playwright Experimental Tests
 on:
  push:
    branches:
      - "master"
      - "[0-9].[0-9]*"
  pull_request:
    types: [synchronize, opened, reopened, ready_for_review]
  workflow_dispatch:
    inputs:
      ref:
        description: 'The branch or tag to checkout'
        required: false
        default: ''
      pr_id:
        description: 'The pull request ID to checkout'
        required: false
        default: ''
 concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.run_id }}
  cancel-in-progress: true
 jobs:
  # NOTE: Required Playwright tests are in superset-e2e.yml (E2E / playwright-tests)
  # This workflow contains only experimental tests that run in shadow mode
  playwright-tests-experimental:
    runs-on: ubuntu-22.04
    continue-on-error: true
    permissions:
      contents: read
      pull-requests: read
    strategy:
      fail-fast: false
      matrix:
        browser: ["chromium"]
        app_root: ["", "/app/prefix"]
    env:
      SUPERSET_ENV: development
      SUPERSET_CONFIG: tests.integration_tests.superset_test_config
      SUPERSET__SQLALCHEMY_DATABASE_URI: postgresql+psycopg2://superset:superset@127.0.0.1:15432/superset
      PYTHONPATH: ${{ github.workspace }}
      REDIS_PORT: 16379
      GITHUB_TOKEN: ${{ github.token }}
    services:
      postgres:
        image: postgres:17-alpine
        env:
          POSTGRES_USER: superset
          POSTGRES_PASSWORD: superset
        ports:
          - 15432:5432
      redis:
        image: redis:7-alpine
        ports:
          - 16379:6379
    steps:
      # -------------------------------------------------------
      # Conditional checkout based on context (same as Cypress workflow)
      - name: Checkout for push or pull_request event
        if: github.event_name == 'push' || github.event_name == 'pull_request'
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false
          submodules: recursive
          ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }}
      - name: Checkout using ref (workflow_dispatch)
        if: github.event_name == 'workflow_dispatch' && github.event.inputs.ref != ''
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false
          ref: ${{ github.event.inputs.ref }}
          submodules: recursive
      - name: Checkout using PR ID (workflow_dispatch)
        if: github.event_name == 'workflow_dispatch' && github.event.inputs.pr_id != ''
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false
          ref: refs/pull/${{ github.event.inputs.pr_id }}/merge
          submodules: recursive
      # -------------------------------------------------------
      - name: Check for file changes
        id: check
        uses: ./.github/actions/change-detector/
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
      - name: Setup Python
        uses: ./.github/actions/setup-backend/
        if: steps.check.outputs.python || steps.check.outputs.frontend
      - name: Setup postgres
        if: steps.check.outputs.python || steps.check.outputs.frontend
        uses: ./.github/actions/cached-dependencies
        with:
          run: setup-postgres
      - name: Import test data
        if: steps.check.outputs.python || steps.check.outputs.frontend
        uses: ./.github/actions/cached-dependencies
        with:
          run: playwright_testdata
      - name: Setup Node.js
        if: steps.check.outputs.python || steps.check.outputs.frontend
        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
        with:
          node-version-file: './superset-frontend/.nvmrc'
      - name: Install npm dependencies
        if: steps.check.outputs.python || steps.check.outputs.frontend
        uses: ./.github/actions/cached-dependencies
        with:
          run: npm-install
      - name: Build javascript packages
        if: steps.check.outputs.python || steps.check.outputs.frontend
        uses: ./.github/actions/cached-dependencies
        with:
          run: build-instrumented-assets
      - name: Install Playwright
        if: steps.check.outputs.python || steps.check.outputs.frontend
        uses: ./.github/actions/cached-dependencies
        with:
          run: playwright-install
      - name: Run Playwright (Experimental Tests)
        if: steps.check.outputs.python || steps.check.outputs.frontend
        uses: ./.github/actions/cached-dependencies
        env:
          NODE_OPTIONS: "--max-old-space-size=4096"
        with:
          run: playwright-run "${{ matrix.app_root }}" experimental/
      - name: Set safe app root
        if: failure()
        id: set-safe-app-root
        run: |
          APP_ROOT="${{ matrix.app_root }}"
          SAFE_APP_ROOT=${APP_ROOT//\//_}
          echo "safe_app_root=$SAFE_APP_ROOT" >> $GITHUB_OUTPUT
      - name: Upload Playwright Artifacts
        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
        if: failure()
        with:
          path: |
            ${{ github.workspace }}/superset-frontend/playwright-results/
            ${{ github.workspace }}/superset-frontend/test-results/
          name: playwright-experimental-artifact-${{ github.run_id }}-${{ github.job }}-${{ matrix.browser }}--${{ steps.set-safe-app-root.outputs.safe_app_root }}
--- a/.github/workflows/superset-python-integrationtest.yml
+++ b/.github/workflows/superset-python-integrationtest.yml
@@ -16,8 +16,6 @@ concurrency:
 jobs:
  test-mysql:
    runs-on: ubuntu-24.04
    permissions:
      id-token: write
    env:
      PYTHONPATH: ${{ github.workspace }}
      SUPERSET_CONFIG: tests.integration_tests.superset_test_config
@@ -43,7 +41,7 @@ jobs:
          - 16379:6379
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
          submodules: recursive
@@ -70,46 +68,13 @@ jobs:
        run: |
          ./scripts/python_tests.sh
      - name: Upload code coverage
-        uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v5
+        uses: codecov/codecov-action@v5
        with:
          flags: python,mysql
          token: ${{ secrets.CODECOV_TOKEN }}
          verbose: true
          use_oidc: true
          slug: apache/superset
      - name: Generate database diagnostics for docs
        if: steps.check.outputs.python
        env:
          SUPERSET_CONFIG: tests.integration_tests.superset_test_config
          SUPERSET__SQLALCHEMY_DATABASE_URI: |
            mysql+mysqldb://superset:superset@127.0.0.1:13306/superset?charset=utf8mb4&binary_prefix=true
        run: |
          python -c "
          import json
          from superset.app import create_app
          from superset.db_engine_specs.lib import generate_yaml_docs
          app = create_app()
          with app.app_context():
              docs = generate_yaml_docs()
              # Wrap in the expected format
              output = {
                  'generated': '$(date -Iseconds)',
                  'databases': docs
              }
              with open('databases-diagnostics.json', 'w') as f:
                  json.dump(output, f, indent=2, default=str)
              print(f'Generated diagnostics for {len(docs)} databases')
          "
      - name: Upload database diagnostics artifact
        if: steps.check.outputs.python
        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
        with:
          name: database-diagnostics
          path: databases-diagnostics.json
          retention-days: 7
  test-postgres:
    runs-on: ubuntu-24.04
    permissions:
      id-token: write
    strategy:
      matrix:
        python-version: ["current", "previous", "next"]
@@ -120,7 +85,7 @@ jobs:
      SUPERSET__SQLALCHEMY_DATABASE_URI: postgresql+psycopg2://superset:superset@127.0.0.1:15432/superset
    services:
      postgres:
-        image: postgres:17-alpine
+        image: postgres:16-alpine
        env:
          POSTGRES_USER: superset
          POSTGRES_PASSWORD: superset
@@ -134,7 +99,7 @@ jobs:
          - 16379:6379
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
          submodules: recursive
@@ -164,17 +129,14 @@ jobs:
        run: |
          ./scripts/python_tests.sh
      - name: Upload code coverage
-        uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v5
+        uses: codecov/codecov-action@v5
        with:
          flags: python,postgres
          token: ${{ secrets.CODECOV_TOKEN }}
          verbose: true
          use_oidc: true
          slug: apache/superset
  test-sqlite:
    runs-on: ubuntu-24.04
    permissions:
      id-token: write
    env:
      PYTHONPATH: ${{ github.workspace }}
      SUPERSET_CONFIG: tests.integration_tests.superset_test_config
@@ -190,7 +152,7 @@ jobs:
          - 16379:6379
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
          submodules: recursive
@@ -219,9 +181,8 @@ jobs:
        run: |
          ./scripts/python_tests.sh
      - name: Upload code coverage
-        uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v5
+        uses: codecov/codecov-action@v5
        with:
          flags: python,sqlite
          token: ${{ secrets.CODECOV_TOKEN }}
          verbose: true
          use_oidc: true
          slug: apache/superset
--- a/.github/workflows/superset-python-presto-hive.yml
+++ b/.github/workflows/superset-python-presto-hive.yml
@@ -17,8 +17,6 @@ concurrency:
 jobs:
  test-postgres-presto:
    runs-on: ubuntu-24.04
    permissions:
      id-token: write
    env:
      PYTHONPATH: ${{ github.workspace }}
      SUPERSET_CONFIG: tests.integration_tests.superset_test_config
@@ -27,7 +25,7 @@ jobs:
      SUPERSET__SQLALCHEMY_EXAMPLES_URI: presto://localhost:15433/memory/default
    services:
      postgres:
-        image: postgres:17-alpine
+        image: postgres:16-alpine
        env:
          POSTGRES_USER: superset
          POSTGRES_PASSWORD: superset
@@ -50,7 +48,7 @@ jobs:
          - 16379:6379
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
          submodules: recursive
@@ -79,17 +77,14 @@ jobs:
        run: |
          ./scripts/python_tests.sh -m 'chart_data_flow or sql_json_flow'
      - name: Upload code coverage
-        uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v5
+        uses: codecov/codecov-action@v5
        with:
          flags: python,presto
          token: ${{ secrets.CODECOV_TOKEN }}
          verbose: true
          use_oidc: true
          slug: apache/superset
  test-postgres-hive:
    runs-on: ubuntu-24.04
    permissions:
      id-token: write
    env:
      PYTHONPATH: ${{ github.workspace }}
      SUPERSET_CONFIG: tests.integration_tests.superset_test_config
@@ -99,7 +94,7 @@ jobs:
      UPLOAD_FOLDER: /tmp/.superset/uploads/
    services:
      postgres:
-        image: postgres:17-alpine
+        image: postgres:16-alpine
        env:
          POSTGRES_USER: superset
          POSTGRES_PASSWORD: superset
@@ -113,7 +108,7 @@ jobs:
          - 16379:6379
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
          submodules: recursive
@@ -150,9 +145,8 @@ jobs:
          pip install -e .[hive]
          ./scripts/python_tests.sh -m 'chart_data_flow or sql_json_flow'
      - name: Upload code coverage
-        uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v5
+        uses: codecov/codecov-action@v5
        with:
          flags: python,hive
          token: ${{ secrets.CODECOV_TOKEN }}
          verbose: true
          use_oidc: true
          slug: apache/superset
--- a/.github/workflows/superset-python-unittest.yml
+++ b/.github/workflows/superset-python-unittest.yml
@@ -17,8 +17,6 @@ concurrency:
 jobs:
  unit-tests:
    runs-on: ubuntu-24.04
    permissions:
      id-token: write
    strategy:
      matrix:
        python-version: ["previous", "current", "next"]
@@ -26,7 +24,7 @@ jobs:
      PYTHONPATH: ${{ github.workspace }}
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
          submodules: recursive
@@ -54,11 +52,9 @@ jobs:
          SUPERSET_SECRET_KEY: not-a-secret
        run: |
          pytest --durations-min=0.5 --cov=superset/sql/ ./tests/unit_tests/sql/ --cache-clear --cov-fail-under=100
          pytest --durations-min=0.5 --cov=superset/semantic_layers/ ./tests/unit_tests/semantic_layers/ --cache-clear --cov-fail-under=100
      - name: Upload code coverage
-        uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v5
+        uses: codecov/codecov-action@v5
        with:
          flags: python,unit
          token: ${{ secrets.CODECOV_TOKEN }}
          verbose: true
          use_oidc: true
          slug: apache/superset
--- a/.github/workflows/superset-translations.yml
+++ b/.github/workflows/superset-translations.yml
@@ -18,7 +18,7 @@ jobs:
    runs-on: ubuntu-24.04
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
          submodules: recursive
@@ -31,7 +31,7 @@ jobs:
      - name: Setup Node.js
        if: steps.check.outputs.frontend
-        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
+        uses: actions/setup-node@v4
        with:
          node-version-file:  './superset-frontend/.nvmrc'
      - name: Install dependencies
@@ -49,7 +49,7 @@ jobs:
    runs-on: ubuntu-24.04
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
          submodules: recursive
@@ -62,10 +62,6 @@ jobs:
      - name: Setup Python
        if: steps.check.outputs.python
        uses: ./.github/actions/setup-backend/
      - name: Install msgcat
        run: sudo apt update && sudo apt install gettext
      - name: Test babel extraction
        if: steps.check.outputs.python
        run: ./scripts/translations/babel_update.sh
--- a/.github/workflows/superset-websocket.yml
+++ b/.github/workflows/superset-websocket.yml
@@ -21,7 +21,7 @@ jobs:
    runs-on: ubuntu-24.04
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Install dependencies
--- a/.github/workflows/supersetbot.yml
+++ b/.github/workflows/supersetbot.yml
@@ -26,7 +26,7 @@ jobs:
    steps:
      - name: Quickly add thumbs up!
        if: github.event_name == 'issue_comment' && contains(github.event.comment.body, '@supersetbot')
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
+        uses: actions/github-script@v7
        with:
          script: |
            const [owner, repo] = process.env.GITHUB_REPOSITORY.split('/')
@@ -38,7 +38,7 @@ jobs:
            });
      - name: "Checkout ( ${{ github.sha }} )"
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@v4
        with:
          persist-credentials: false
--- a/.github/workflows/tag-release.yml
+++ b/.github/workflows/tag-release.yml
@@ -31,12 +31,10 @@ jobs:
        id: check
        shell: bash
        run: |
-          if [ -n "${DOCKERHUB_USER}" ]; then
+          if [ -n "${{ (secrets.DOCKERHUB_USER != '' && secrets.DOCKERHUB_TOKEN != '') || '' }}" ]; then
            echo "has-secrets=1" >> "$GITHUB_OUTPUT"
          fi
        env:
          DOCKERHUB_USER: ${{ (secrets.DOCKERHUB_USER != '' && secrets.DOCKERHUB_TOKEN != '') || '' }}
  docker-release:
    needs: config
    if: needs.config.outputs.has-secrets
@@ -44,12 +42,12 @@ jobs:
    runs-on: ubuntu-24.04
    strategy:
      matrix:
-        build_preset: ["dev", "lean", "py310", "websocket", "dockerize", "py311", "py312"]
+        build_preset: ["dev", "lean", "py310", "websocket", "dockerize", "py311"]
      fail-fast: false
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@v4
        with:
          fetch-depth: 0
@@ -62,7 +60,7 @@ jobs:
          build: "true"
      - name: Use Node.js 20
-        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
+        uses: actions/setup-node@v4
        with:
          node-version: 20
@@ -74,20 +72,17 @@ jobs:
          DOCKERHUB_USER: ${{ secrets.DOCKERHUB_USER }}
          DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          INPUT_RELEASE: ${{ github.event.inputs.release }}
          INPUT_FORCE_LATEST: ${{ github.event.inputs.force-latest }}
          INPUT_GIT_REF: ${{ github.event.inputs.git-ref }}
        run: |
          RELEASE="${{ github.event.release.tag_name }}"
          FORCE_LATEST=""
          EVENT="${{github.event_name}}"
          if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
            # in the case of a manually-triggered run, read release from input
-            RELEASE="${INPUT_RELEASE}"
+            RELEASE="${{ github.event.inputs.release }}"
-            if [ "${INPUT_FORCE_LATEST}" = "true" ]; then
+            if [ "${{ github.event.inputs.force-latest }}" = "true" ]; then
              FORCE_LATEST="--force-latest"
            fi
-            git checkout "${INPUT_GIT_REF}"
+            git checkout "${{ github.event.inputs.git-ref }}"
            EVENT="release"
          fi
@@ -112,12 +107,12 @@ jobs:
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Use Node.js 20
-        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
+        uses: actions/setup-node@v4
        with:
          node-version: 20
@@ -127,7 +122,6 @@ jobs:
      - name: Label the PRs with the right release-related labels
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          INPUT_RELEASE: ${{ github.event.inputs.release }}
        run: |
          export GITHUB_ACTOR=""
          git fetch --all --tags
@@ -135,6 +129,6 @@ jobs:
          RELEASE="${{ github.event.release.tag_name }}"
          if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
            # in the case of a manually-triggered run, read release from input
-            RELEASE="${INPUT_RELEASE}"
+            RELEASE="${{ github.event.inputs.release }}"
          fi
          supersetbot release-label $RELEASE
--- a/.github/workflows/tech-debt.yml
+++ b/.github/workflows/tech-debt.yml
@@ -6,9 +6,6 @@ on:
      - master
      - "[0-9].[0-9]*"
 permissions:
  contents: read
 jobs:
  config:
    runs-on: ubuntu-24.04
@@ -19,12 +16,10 @@ jobs:
        id: check
        shell: bash
        run: |
-          if [ -n "${GSHEET_KEY}" ]; then
+          if [ -n "${{ (secrets.GSHEET_KEY != '' ) || '' }}" ]; then
            echo "has-secrets=1" >> "$GITHUB_OUTPUT"
          fi
        env:
          GSHEET_KEY: ${{ (secrets.GSHEET_KEY != '' ) || '' }}
  process-and-upload:
    needs: config
    if: needs.config.outputs.has-secrets
@@ -32,10 +27,10 @@ jobs:
    name: Generate Reports
    steps:
      - name: Checkout Repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@v4
      - name: Set up Node.js
-        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
+        uses: actions/setup-node@v4
        with:
          node-version-file: './superset-frontend/.nvmrc'
--- a/.github/workflows/welcome-new-users.yml
+++ b/.github/workflows/welcome-new-users.yml
@@ -12,7 +12,7 @@ jobs:
    steps:
      - name: Welcome Message
-        uses: actions/first-interaction@v3
+        uses: actions/first-interaction@v1
        continue-on-error: true
        with:
          repo-token: ${{ github.token }}
--- a/.gitignore
+++ b/.gitignore
@@ -33,7 +33,6 @@ cover
 .env
 .envrc
 .idea
 .roo
 .mypy_cache
 .python-version
 .tox
@@ -44,7 +43,7 @@ _modules
 _static
 build
 app.db
-*.egg-info/
+apache_superset.egg-info/
 changelog.sh
 dist
 dump.rdb
@@ -61,19 +60,21 @@ tmp
 rat-results.txt
 superset/app/
 superset-websocket/config.json
 .direnv
 *.log
 # Node.js, webpack artifacts, storybook
 *.entry.js
 *.js.map
 node_modules
 npm-debug.log*
 superset/static/*
 superset/static/assets/*
 !superset/static/assets/.gitkeep
 superset/static/uploads/*
 !superset/static/uploads/.gitkeep
 superset/static/version_info.json
 superset-frontend/**/esm/*
 superset-frontend/**/lib/*
 superset-frontend/**/storybook-static/*
 superset-frontend/migration-storybook.log
 yarn-error.log
 *.map
 *.min.js
@@ -120,8 +121,6 @@ docker/requirements-local.txt
 cache/
 docker/*local*
 docker/superset-websocket/config.json
 docker-compose.override.yml
 .temp_cache
@@ -131,11 +130,4 @@ superset/static/stats/statistics.html
 # LLM-related
 CLAUDE.local.md
 PROJECT.md
 .aider*
 .claude_rc*
 .claude/settings.local.json
 .env.local
 oxc-custom-build/
 *.code-workspace
 *.duckdb
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -23,11 +23,8 @@ repos:
    rev: v1.15.0
    hooks:
      - id: mypy
        name: mypy (main)
        args: [--check-untyped-defs]
        exclude: ^superset-extensions-cli/
        additional_dependencies: [
            types-cachetools,
            types-simplejson,
            types-python-dateutil,
            types-requests,
@@ -41,59 +38,41 @@ repos:
            types-paramiko,
            types-Markdown,
          ]
      - id: mypy
        name: mypy (superset-extensions-cli)
        args: [--check-untyped-defs]
        files: ^superset-extensions-cli/
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v5.0.0
    hooks:
      - id: check-docstring-first
      - id: check-added-large-files
-        exclude: ^.*\.(geojson)$|^docs/static/img/screenshots/.*|^superset-frontend/CHANGELOG\.md$|^superset/examples/.*/data\.parquet$
+        exclude: ^.*\.(geojson)$|^docs/static/img/screenshots/.*|^superset-frontend/CHANGELOG\.md$
      - id: check-yaml
        exclude: ^helm/superset/templates/
      - id: debug-statements
      - id: end-of-file-fixer
-        exclude: .*/lerna\.json$|^docs/static/img/logos/
+        exclude: .*/lerna\.json$
      - id: trailing-whitespace
        exclude: ^.*\.(snap)
        args: ["--markdown-linebreak-ext=md"]
  - repo: local
    hooks:
-      - id: prettier-frontend
+    - id: eslint-frontend
-        name: prettier (frontend)
+      name: eslint (frontend)
-        entry: bash -c 'cd superset-frontend && for file in "$@"; do npx prettier --write "${file#superset-frontend/}"; done'
+      entry: ./scripts/eslint.sh
-        language: system
+      language: system
-        pass_filenames: true
+      pass_filenames: true
-        files: ^superset-frontend/.*\.(js|jsx|ts|tsx|css|scss|sass|json)$
+      files: ^superset-frontend/.*\.(js|jsx|ts|tsx)$
-  - repo: local
+    - id: eslint-docs
-    hooks:
+      name: eslint (docs)
-      - id: oxlint-frontend
+      entry: bash -c 'cd docs && FILES=$(echo "$@" | sed "s|docs/||g") && yarn eslint --fix --ext .js,.jsx,.ts,.tsx --quiet $FILES'
-        name: oxlint (frontend)
+      language: system
-        entry: ./scripts/oxlint.sh
+      pass_filenames: true
-        language: system
+      files: ^docs/.*\.(js|jsx|ts|tsx)$
-        pass_filenames: true
+    - id: type-checking-frontend
-        files: ^superset-frontend/.*\.(js|jsx|ts|tsx)$
+      name: Type-Checking (Frontend)
-      - id: custom-rules-frontend
+      entry: ./scripts/check-type.js package=superset-frontend excludeDeclarationDir=cypress-base
-        name: custom rules (frontend)
+      language: system
-        entry: ./scripts/check-custom-rules.sh
+      files: ^superset-frontend\/.*\.(js|jsx|ts|tsx)$
-        language: system
+      exclude: ^superset-frontend/cypress-base\/
-        pass_filenames: true
+      require_serial: true
        files: ^superset-frontend/.*\.(js|jsx|ts|tsx)$
      - id: eslint-docs
        name: eslint (docs)
        entry: bash -c 'cd docs && FILES=$(printf "%s\n" "$@" | sed "s|^docs/||" | tr "\n" " ") && yarn eslint --fix --quiet $FILES'
        language: system
        pass_filenames: true
        files: ^docs/.*\.(js|jsx|ts|tsx)$
      - id: type-checking-frontend
        name: Type-Checking (Frontend)
        entry: ./scripts/check-type.js package=superset-frontend excludeDeclarationDir=cypress-base
        language: system
        files: ^superset-frontend\/.*\.(js|jsx|ts|tsx)$
        exclude: ^superset-frontend/cypress-base\/
        require_serial: true
  # blacklist unsafe functions like make_url (see #19526)
  - repo: https://github.com/skorokithakis/blacklist-pre-commit-hook
    rev: e2f070289d8eddcaec0b580d3bde29437e7c8221
@@ -107,54 +86,29 @@ repos:
        files: helm
        verbose: false
        args: ["--log-level", "error"]
-  # Using local hooks ensures ruff version matches requirements/development.txt
+  - repo: https://github.com/astral-sh/ruff-pre-commit
-  - repo: local
+    rev: v0.9.7
    hooks:
      - id: ruff-format
        name: ruff-format
        entry: ruff format
        language: system
        types: [python]
      - id: ruff
-        name: ruff
+        args: [--fix]
        entry: ruff check --fix --show-fixes
        language: system
        types: [python]
  - repo: local
    hooks:
-      - id: pylint
+    - id: pylint
-        name: pylint with custom Superset plugins
+      name: pylint with custom Superset plugins
-        entry: bash
+      entry: bash
-        language: system
+      language: system
-        types: [python]
+      types: [python]
-        exclude: ^(tests/|superset/migrations/|scripts/|RELEASING/|docker/)
+      exclude: ^(tests/|superset/migrations/|scripts/|RELEASING/|docker/)
-        args:
+      args:
-          - -c
+        - -c
-          - |
+        - |
-            TARGET_BRANCH=${GITHUB_BASE_REF:-master}
+          TARGET_BRANCH=${GITHUB_BASE_REF:-master}
-            # Only fetch if we're not in CI (CI already has all refs)
+          git fetch origin "$TARGET_BRANCH"
-            if [ -z "$CI" ]; then
+          BASE=$(git merge-base origin/"$TARGET_BRANCH" HEAD)
-              git fetch --no-recurse-submodules origin "$TARGET_BRANCH" 2>/dev/null || true
+          files=$(git diff --name-only --diff-filter=ACM "$BASE"..HEAD | grep '^superset/.*\.py$' || true)
-            fi
+          if [ -n "$files" ]; then
-            BASE=$(git merge-base origin/"$TARGET_BRANCH" HEAD 2>/dev/null) || BASE="HEAD"
+            pylint --rcfile=.pylintrc --load-plugins=superset.extensions.pylint --reports=no $files
-            files=$(git diff --name-only --diff-filter=ACM "$BASE"..HEAD 2>/dev/null | grep '^superset/.*\.py$' || true)
+          else
-            if [ -n "$files" ]; then
+            echo "No Python files to lint."
-              pylint --rcfile=.pylintrc --load-plugins=superset.extensions.pylint --reports=no $files
+          fi
            else
              echo "No Python files to lint."
            fi
      - id: db-engine-spec-metadata
        name: database engine spec metadata validation
        entry: python superset/db_engine_specs/lint_metadata.py --strict
        language: system
        files: ^superset/db_engine_specs/.*\.py$
        exclude: ^superset/db_engine_specs/(base|lib|lint_metadata|__init__)\.py$
        pass_filenames: false
  - repo: local
    hooks:
      - id: feature-flags-sync
        name: feature flags documentation sync
        entry: bash -c 'python scripts/extract_feature_flags.py > docs/static/feature-flags.json.tmp && if ! diff -q docs/static/feature-flags.json docs/static/feature-flags.json.tmp > /dev/null 2>&1; then mv docs/static/feature-flags.json.tmp docs/static/feature-flags.json && echo "Updated docs/static/feature-flags.json" && exit 1; else rm docs/static/feature-flags.json.tmp; fi'
        language: system
        files: ^superset/config\.py$
        pass_filenames: false
--- a/.pylintrc
+++ b/.pylintrc
@@ -53,7 +53,7 @@ extension-pkg-whitelist=pyarrow
 [MESSAGES CONTROL]
 disable=all
-enable=json-import,disallowed-sql-import,consider-using-transaction
+enable=disallowed-json-import,disallowed-sql-import,consider-using-transaction
 [REPORTS]
--- a/.rat-excludes
+++ b/.rat-excludes
@@ -11,7 +11,6 @@
 .nvmrc
 .prettierrc
 .rat-excludes
 .swcrc
 .*log
 .*pyc
 .*lock
@@ -33,8 +32,6 @@ apache_superset.egg-info
 # json and csv in general cannot have comments
 .*json
 .*csv
 # jinja templates often need to be as-is
 .*j2
 # Generated doc files
 env/*
 docs/.htaccess*
@@ -67,20 +64,21 @@ temporary_superset_ui/*
 # skip license checks for auto-generated test snapshots
 .*snap
-# docs third-party logos (database logos, org logos, etc.)
+# docs overrides for third party logos we don't have the rights to
-databases/*
+google-big-query.svg
-logos/*
+google-sheets.svg
 ibm-db2.svg
 postgresql.svg
 snowflake.svg
 ydb.svg
 # docs-related
 erd.puml
 erd.svg
 intro_header.txt
 TODO.md
 # for LLMs
 llm-context.md
 llms.txt
 AGENTS.md
 LLMS.md
 CLAUDE.md
 CURSOR.md
--- a/AGENTS.md
+++ b/AGENTS.md
@@ -1,269 +0,0 @@
 # LLM Context Guide for Apache Superset
 Apache Superset is a data visualization platform with Flask/Python backend and React/TypeScript frontend.
 ## ⚠️ CRITICAL: Always Run Pre-commit Before Pushing
 **ALWAYS run `pre-commit run --all-files` before pushing commits.** CI will fail if pre-commit checks don't pass. This is non-negotiable.
 ```bash
 # Stage your changes first
 git add .
 # Run pre-commit on all files
 pre-commit run --all-files
 # If there are auto-fixes, stage them and commit
 git add .
 git commit --amend  # or new commit
 ```
 Common pre-commit failures:
 - **Formatting** - black, prettier, eslint will auto-fix
 - **Type errors** - mypy failures need manual fixes
 - **Linting** - ruff, pylint issues need manual fixes
 ## ⚠️ CRITICAL: Ongoing Refactors (What NOT to Do)
 **These migrations are actively happening - avoid deprecated patterns:**
 ### Frontend Modernization
 - **NO `any` types** - Use proper TypeScript types
 - **NO JavaScript files** - Convert to TypeScript (.ts/.tsx)
 - **Use @superset-ui/core** - Don't import Ant Design directly, prefer Ant Design component wrappers from @superset-ui/core/components
 - **Use antd theming tokens** - Prefer antd tokens over legacy theming tokens
 - **Avoid custom css and styles** - Follow antd best practices and avoid styling and custom CSS whenever possible
 ### Testing Strategy Migration
 - **Prefer unit tests** over integration tests
 - **Prefer integration tests** over end-to-end tests
 - **Use Playwright for E2E tests** - Migrating from Cypress
 - **Cypress is deprecated** - Will be removed once migration is completed
 - **Use Jest + React Testing Library** for component testing
 - **Use `test()` instead of `describe()`** - Follow [avoid nesting when testing](https://kentcdodds.com/blog/avoid-nesting-when-youre-testing) principles
 ### Backend Type Safety
 - **Add type hints** - All new Python code needs proper typing
 - **MyPy compliance** - Run `pre-commit run mypy` to validate
 - **SQLAlchemy typing** - Use proper model annotations
 ### UUID Migration
 - **Prefer UUIDs over auto-incrementing IDs** - New models should use UUID primary keys
 - **External API exposure** - Use UUIDs in public APIs instead of internal integer IDs
 - **Existing models** - Add UUID fields alongside integer IDs for gradual migration
 ## Key Directories
 ```
 superset/
 ├── superset/                    # Python backend (Flask, SQLAlchemy)
 │   ├── views/api/              # REST API endpoints
 │   ├── models/                 # Database models
 │   └── connectors/             # Database connections
 ├── superset-frontend/src/       # React TypeScript frontend
 │   ├── components/             # Reusable components
 │   ├── explore/                # Chart builder
 │   ├── dashboard/              # Dashboard interface
 │   └── SqlLab/                 # SQL editor
 ├── superset-frontend/packages/
 │   └── superset-ui-core/       # UI component library (USE THIS)
 ├── tests/                      # Python/integration tests
 ├── docs/                       # Documentation (UPDATE FOR CHANGES)
 └── UPDATING.md                 # Breaking changes log
 ```
 ## Code Standards
 ### TypeScript Frontend
 - **Avoid `any` types** - Use proper TypeScript, reuse existing types
 - **Functional components** with hooks
 - **@superset-ui/core** for UI components (not direct antd)
 - **Jest** for testing (NO Enzyme)
 - **Redux** for global state where it exists, hooks for local
 ### Python Backend  
 - **Type hints required** for all new code
 - **MyPy compliant** - run `pre-commit run mypy`
 - **SQLAlchemy models** with proper typing
 - **pytest** for testing
 ### Apache License Headers
 - **New files require ASF license headers** - When creating new code files, include the standard Apache Software Foundation license header
 - **LLM instruction files are excluded** - Files like AGENTS.md, CLAUDE.md, etc. are in `.rat-excludes` to avoid header token overhead
 ### Code Comments
 - **Avoid time-specific language** - Don't use words like "now", "currently", "today" in code comments as they become outdated
 - **Write timeless comments** - Comments should remain accurate regardless of when they're read
 ## Documentation Requirements
 - **docs/**: Update for any user-facing changes
 - **UPDATING.md**: Add breaking changes here
 - **Docstrings**: Required for new functions/classes
 ## Developer Portal: Storybook-to-MDX Documentation
 The Developer Portal auto-generates MDX documentation from Storybook stories. **Stories are the single source of truth.**
 ### Core Philosophy
 - **Fix issues in the STORY, not the generator** - When something doesn't render correctly, update the story file first
 - **Generator should be lightweight** - It extracts and passes through data; avoid special cases
 - **Stories define everything** - Props, controls, galleries, examples all come from story metadata
 ### Story Requirements for Docs Generation
 - Use `export default { title: '...' }` (inline), not `const meta = ...; export default meta;`
 - Name interactive stories `Interactive${ComponentName}` (e.g., `InteractiveButton`)
 - Define `args` for default prop values
 - Define `argTypes` at the story level (not meta level) with control types and descriptions
 - Use `parameters.docs.gallery` for size×style variant grids
 - Use `parameters.docs.sampleChildren` for components that need children
 - Use `parameters.docs.liveExample` for custom live code blocks
 - Use `parameters.docs.staticProps` for complex object props that can't be parsed inline
 ### Generator Location
 - Script: `docs/scripts/generate-superset-components.mjs`
 - Wrapper: `docs/src/components/StorybookWrapper.jsx`
 - Output: `docs/developer_portal/components/`
 ## Architecture Patterns
 ### Security & Features
 - **RBAC**: Role-based access via Flask-AppBuilder
 - **Feature flags**: Control feature rollouts
 - **Row-level security**: SQL-based data access control
 ## Test Utilities
 ### Python Test Helpers
 - **`SupersetTestCase`** - Base class in `tests/integration_tests/base_tests.py`
 - **`@with_config`** - Config mocking decorator
 - **`@with_feature_flags`** - Feature flag testing
 - **`login_as()`, `login_as_admin()`** - Authentication helpers
 - **`create_dashboard()`, `create_slice()`** - Data setup utilities
 ### TypeScript Test Helpers
 - **`superset-frontend/spec/helpers/testing-library.tsx`** - Custom render() with providers
 - **`createWrapper()`** - Redux/Router/Theme wrapper
 - **`selectOption()`** - Select component helper
 - **React Testing Library** - NO Enzyme (removed)
 ### Test Database Patterns
 - **Mock patterns**: Use `MagicMock()` for config objects, avoid `AsyncMock` for synchronous code
 - **API tests**: Update expected columns when adding new model fields
 ### Running Tests
 ```bash
 # Frontend
 npm run test                           # All tests
 npm run test -- filename.test.tsx     # Single file
 # E2E Tests (Playwright - NEW)
 npm run playwright:test                # All Playwright tests
 npm run playwright:ui                  # Interactive UI mode
 npm run playwright:headed              # See browser during tests
 npx playwright test tests/auth/login.spec.ts  # Single file
 npm run playwright:debug tests/auth/login.spec.ts  # Debug specific file
 # E2E Tests (Cypress - DEPRECATED)
 cd superset-frontend/cypress-base
 npm run cypress-run-chrome             # All Cypress tests (headless)
 npm run cypress-debug                  # Interactive Cypress UI
 # Backend  
 pytest                                 # All tests
 pytest tests/unit_tests/specific_test.py  # Single file
 pytest tests/unit_tests/               # Directory
 # If pytest fails with database/setup issues, ask the user to run test environment setup
 ```
 ## Environment Validation
 **Quick Setup Check (run this first):**
 ```bash
 # Verify Superset is running
 curl -f http://localhost:8088/health || echo "❌ Setup required - see https://superset.apache.org/docs/contributing/development#working-with-llms"
 ```
 **If health checks fail:**
 "It appears you aren't set up properly. Please refer to the [Working with LLMs](https://superset.apache.org/docs/contributing/development#working-with-llms) section in the development docs for setup instructions."
 **Key Project Files:**
 - `superset-frontend/package.json` - Frontend build scripts (`npm run dev` on port 9000, `npm run test`, `npm run lint`)
 - `pyproject.toml` - Python tooling (ruff, mypy configs)
 - `requirements/` folder - Python dependencies (base.txt, development.txt)
 ## SQLAlchemy Query Best Practices  
 - **Use negation operator**: `~Model.field` instead of `== False` to avoid ruff E712 errors
 - **Example**: `~Model.is_active` instead of `Model.is_active == False`
 ## Pull Request Guidelines
 **When creating pull requests:**
 1. **Read the current PR template**: Always check `.github/PULL_REQUEST_TEMPLATE.md` for the latest format
 2. **Use the template sections**: Include all sections from the template (SUMMARY, BEFORE/AFTER, TESTING INSTRUCTIONS, ADDITIONAL INFORMATION)
 3. **Follow PR title conventions**: Use [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0/)
   - Format: `type(scope): description`
   - Example: `fix(dashboard): load charts correctly`
   - Types: `fix`, `feat`, `docs`, `style`, `refactor`, `perf`, `test`, `chore`
 **Important**: Always reference the actual template file at `.github/PULL_REQUEST_TEMPLATE.md` instead of using cached content, as the template may be updated over time.
 ## Pre-commit Validation
 **Use pre-commit hooks for quality validation:**
 ```bash
 # Install hooks
 pre-commit install
 # IMPORTANT: Stage your changes first!
 git add .                        # Pre-commit only checks staged files
 # Quick validation (faster than --all-files)
 pre-commit run                   # Staged files only
 pre-commit run mypy              # Python type checking
 pre-commit run prettier          # Code formatting
 pre-commit run eslint            # Frontend linting
 ```
 **Important pre-commit usage notes:**
 - **Stage files first**: Run `git add .` before `pre-commit run` to check only changed files (much faster)
 - **Virtual environment**: Activate your Python virtual environment before running pre-commit
  ```bash
  # Common virtual environment locations (yours may differ):
  source .venv/bin/activate      # if using .venv
  source venv/bin/activate       # if using venv
  source ~/venvs/superset/bin/activate  # if using a central location
  ```
  If you get a "command not found" error, ask the user which virtual environment to activate
 - **Auto-fixes**: Some hooks auto-fix issues (e.g., trailing whitespace). Re-run after fixes are applied
 ## Common File Patterns
 ### API Structure
 - **`/api.py`** - REST endpoints with decorators and OpenAPI docstrings
 - **`/schemas.py`** - Marshmallow validation schemas for OpenAPI spec
 - **`/commands/`** - Business logic classes with @transaction() decorators
 - **`/models/`** - SQLAlchemy database models
 - **OpenAPI docs**: Auto-generated at `/swagger/v1` from docstrings and schemas
 ### Migration Files
 - **Location**: `superset/migrations/versions/`
 - **Naming**: `YYYY-MM-DD_HH-MM_hash_description.py`
 - **Utilities**: Use helpers from `superset.migrations.shared.utils` for database compatibility
 - **Pattern**: Import utilities instead of raw SQLAlchemy operations
 ## Platform-Specific Instructions
 - **[CLAUDE.md](CLAUDE.md)** - For Claude/Anthropic tools
 - **[.github/copilot-instructions.md](.github/copilot-instructions.md)** - For GitHub Copilot  
 - **[GEMINI.md](GEMINI.md)** - For Google Gemini tools
 - **[GPT.md](GPT.md)** - For OpenAI/ChatGPT tools
 - **[.cursor/rules/dev-standard.mdc](.cursor/rules/dev-standard.mdc)** - For Cursor editor
 ---
 **LLM Note**: This codebase is actively modernizing toward full TypeScript and type safety. Always run `pre-commit run` to validate changes. Follow the ongoing refactors section to avoid deprecated patterns.
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -44,9 +44,4 @@ under the License.
 - [4.0.1](./CHANGELOG/4.0.1.md)
 - [4.0.2](./CHANGELOG/4.0.2.md)
 - [4.1.0](./CHANGELOG/4.1.0.md)
 - [4.1.1](./CHANGELOG/4.1.1.md)
 - [4.1.2](./CHANGELOG/4.1.2.md)
 - [4.1.3](./CHANGELOG/4.1.3.md)
 - [4.1.4](./CHANGELOG/4.1.4.md)
 - [5.0.0](./CHANGELOG/5.0.0.md)
 - [6.0.0](./CHANGELOG/6.0.0.md)
--- a/CHANGELOG/4.1.4.md
+++ b/CHANGELOG/4.1.4.md
@@ -1,33 +0,0 @@
 <!--
 Licensed to the Apache Software Foundation (ASF) under one
 or more contributor license agreements.  See the NOTICE file
 distributed with this work for additional information
 regarding copyright ownership.  The ASF licenses this file
 to you under the Apache License, Version 2.0 (the
 "License"); you may not use this file except in compliance
 with the License.  You may obtain a copy of the License at
  http://www.apache.org/licenses/LICENSE-2.0
 Unless required by applicable law or agreed to in writing,
 software distributed under the License is distributed on an
 "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 KIND, either express or implied.  See the License for the
 specific language governing permissions and limitations
 under the License.
 -->
 ## Change Log
 ### 4.1.4 (Thu Jul 24 08:30:04 2025 -0300)
 **Database Migrations**
 **Features**
 **Fixes**
 - [#34289](https://github.com/apache/superset/pull/34289) fix: Saved queries list break if one query can't be parsed (@michael-s-molina)
 - [#33059](https://github.com/apache/superset/pull/33059) fix: Adds missing __init__ file to commands/logs (@michael-s-molina)
 **Others**
 - [#32236](https://github.com/apache/superset/pull/32236) chore(deps): bump cryptography from 43.0.3 to 44.0.1 (@dependabot[bot])
--- a/CHANGELOG/6.0.0.md
+++ b/CHANGELOG/6.0.0.md
--- a/CLAUDE.md
+++ b/CLAUDE.md
@@ -1 +1 @@
-AGENTS.md
+LLMS.md
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -5,7 +5,7 @@
 regarding copyright ownership.  The ASF licenses this file
 to you under the Apache License, Version 2.0 (the
 "License"); you may not use this file except in compliance
- with the License.  You may obtain a copy of the License at
+ with the License. You may obtain a copy of the License at
   http://www.apache.org/licenses/LICENSE-2.0
@@ -16,23 +16,9 @@
 specific language governing permissions and limitations
 under the License.
 -->
 # Contributing to Apache Superset
 Contributions are welcome and are greatly appreciated! Every
 little bit helps, and credit will always be given.
-## Developer Portal
+All matters related to contributions have moved to [this section of
-
+the official Superset documentation](https://superset.apache.org/docs/contributing/). Source for the documentation is
-All developer and contribution documentation has moved to the Apache Superset Developer Portal:
+[located here](https://github.com/apache/superset/tree/master/docs/docs).
 **[📚 View the Developer Portal →](https://superset.apache.org/developer_portal/)**
 The Developer Portal includes comprehensive guides for:
 - [Contributing Overview](https://superset.apache.org/developer_portal/contributing/overview)
 - [Development Setup](https://superset.apache.org/developer_portal/contributing/development-setup)
 - [Submitting Pull Requests](https://superset.apache.org/developer_portal/contributing/submitting-pr)
 - [Contribution Guidelines](https://superset.apache.org/developer_portal/contributing/guidelines)
 - [Code Review Process](https://superset.apache.org/developer_portal/contributing/code-review)
 - [Development How-tos](https://superset.apache.org/developer_portal/contributing/howtos)
 Source for the Developer Portal documentation is [located here](https://github.com/apache/superset/tree/master/docs/developer_portal).
--- a/64
+++ b/64
@@ -18,7 +18,7 @@
 ######################################################################
 # Node stage to deal with static asset construction
 ######################################################################
-ARG PY_VER=3.11.14-slim-trixie
+ARG PY_VER=3.11.13-slim-bookworm
 # If BUILDPLATFORM is null, set it to 'amd64' (or leave as is otherwise).
 ARG BUILDPLATFORM=${BUILDPLATFORM:-amd64}
@@ -29,7 +29,7 @@ ARG BUILD_TRANSLATIONS="false"
 ######################################################################
 # superset-node-ci used as a base for building frontend assets and CI
 ######################################################################
-FROM --platform=${BUILDPLATFORM} node:22-trixie-slim AS superset-node-ci
+FROM --platform=${BUILDPLATFORM} node:20-bookworm-slim AS superset-node-ci
 ARG BUILD_TRANSLATIONS
 ENV BUILD_TRANSLATIONS=${BUILD_TRANSLATIONS}
 ARG DEV_MODE="false"           # Skip frontend build in dev mode
@@ -59,12 +59,12 @@ RUN mkdir -p /app/superset/static/assets \
 # NOTE: we mount packages and plugins as they are referenced in package.json as workspaces
 # ideally we'd COPY only their package.json. Here npm ci will be cached as long
 # as the full content of these folders don't change, yielding a decent cache reuse rate.
-# Note that it's not possible to selectively COPY or mount using blobs.
+# Note that's it's not possible selectively COPY of mount using blobs.
 RUN --mount=type=bind,source=./superset-frontend/package.json,target=./package.json \
    --mount=type=bind,source=./superset-frontend/package-lock.json,target=./package-lock.json \
    --mount=type=cache,target=/root/.cache \
    --mount=type=cache,target=/root/.npm \
-    if [ "${DEV_MODE}" = "false" ]; then \
+    if [ "$DEV_MODE" = "false" ]; then \
        npm ci; \
    else \
        echo "Skipping 'npm ci' in dev mode"; \
@@ -74,13 +74,13 @@ RUN --mount=type=bind,source=./superset-frontend/package.json,target=./package.j
 COPY superset-frontend /app/superset-frontend
 ######################################################################
-# superset-node is used for compiling frontend assets
+# superset-node used for compile frontend assets
 ######################################################################
 FROM superset-node-ci AS superset-node
 # Build the frontend if not in dev mode
 RUN --mount=type=cache,target=/root/.npm \
-    if [ "${DEV_MODE}" = "false" ]; then \
+    if [ "$DEV_MODE" = "false" ]; then \
        echo "Running 'npm run ${BUILD_CMD}'"; \
        npm run ${BUILD_CMD}; \
    else \
@@ -90,11 +90,12 @@ RUN --mount=type=cache,target=/root/.npm \
 # Copy translation files
 COPY superset/translations /app/superset/translations
-# Build translations if enabled, then cleanup localization files
+# Build the frontend if not in dev mode
-RUN if [ "${BUILD_TRANSLATIONS}" = "true" ]; then \
+RUN if [ "$BUILD_TRANSLATIONS" = "true" ]; then \
        npm run build-translation; \
    fi; \
-    rm -rf /app/superset/translations/*/*/*.[po,mo];
+    rm -rf /app/superset/translations/*/*/*.po; \
    rm -rf /app/superset/translations/*/*/*.mo;
 ######################################################################
@@ -105,10 +106,10 @@ FROM python:${PY_VER} AS python-base
 ARG SUPERSET_HOME="/app/superset_home"
 ENV SUPERSET_HOME=${SUPERSET_HOME}
-RUN mkdir -p ${SUPERSET_HOME}
+RUN mkdir -p $SUPERSET_HOME
 RUN useradd --user-group -d ${SUPERSET_HOME} -m --no-log-init --shell /bin/bash superset \
-    && chmod -R 1777 ${SUPERSET_HOME} \
+    && chmod -R 1777 $SUPERSET_HOME \
-    && chown -R superset:superset ${SUPERSET_HOME}
+    && chown -R superset:superset $SUPERSET_HOME
 # Some bash scripts needed throughout the layers
 COPY --chmod=755 docker/*.sh /app/docker/
@@ -133,10 +134,11 @@ RUN --mount=type=cache,target=/root/.cache/uv \
    . /app/.venv/bin/activate && /app/docker/pip-install.sh --requires-build-essential -r requirements/translations.txt
 COPY superset/translations/ /app/translations_mo/
-RUN if [ "${BUILD_TRANSLATIONS}" = "true" ]; then \
+RUN if [ "$BUILD_TRANSLATIONS" = "true" ]; then \
        pybabel compile -d /app/translations_mo | true; \
    fi; \
-    rm -f /app/translations_mo/*/*/*.[po,json]
+    rm -f /app/translations_mo/*/*/*.po; \
    rm -f /app/translations_mo/*/*/*.json;
 ######################################################################
 # Python APP common layer
@@ -154,7 +156,7 @@ ENV SUPERSET_HOME="/app/superset_home" \
 COPY --chmod=755 docker/entrypoints /app/docker/entrypoints
 WORKDIR /app
-# Set up necessary directories
+# Set up necessary directories and user
 RUN mkdir -p \
      ${PYTHONPATH} \
      superset/static \
@@ -165,16 +167,14 @@ RUN mkdir -p \
    && touch superset/static/version_info.json
 # Install Playwright and optionally setup headless browsers
 ENV PLAYWRIGHT_BROWSERS_PATH=/usr/local/share/playwright-browsers
 ARG INCLUDE_CHROMIUM="false"
 ARG INCLUDE_FIREFOX="false"
 RUN --mount=type=cache,target=${SUPERSET_HOME}/.cache/uv \
-    if [ "${INCLUDE_CHROMIUM}" = "true" ] || [ "${INCLUDE_FIREFOX}" = "true" ]; then \
+    if [ "$INCLUDE_CHROMIUM" = "true" ] || [ "$INCLUDE_FIREFOX" = "true" ]; then \
        uv pip install playwright && \
        playwright install-deps && \
-        if [ "${INCLUDE_CHROMIUM}" = "true" ]; then playwright install chromium; fi && \
+        if [ "$INCLUDE_CHROMIUM" = "true" ]; then playwright install chromium; fi && \
-        if [ "${INCLUDE_FIREFOX}" = "true" ]; then playwright install firefox; fi; \
+        if [ "$INCLUDE_FIREFOX" = "true" ]; then playwright install firefox; fi; \
    else \
        echo "Skipping browser installation"; \
    fi
@@ -196,10 +196,6 @@ RUN /app/docker/apt-install.sh \
      libecpg-dev \
      libldap2-dev
 # Create data directory for DuckDB examples database
 # The database file will be created at runtime when examples are loaded from Parquet files
 RUN mkdir -p /app/data && chown -R superset:superset /app/data
 # Copy compiled things from previous stages
 COPY --from=superset-node /app/superset/static/assets superset/static/assets
@@ -223,10 +219,6 @@ FROM python-common AS lean
 # Install Python dependencies using docker/pip-install.sh
 COPY requirements/base.txt requirements/
 # Copy superset-core package needed for editable install in base.txt
 COPY superset-core superset-core
 RUN --mount=type=cache,target=${SUPERSET_HOME}/.cache/uv \
    /app/docker/pip-install.sh --requires-build-essential -r requirements/base.txt
 # Install the superset package
@@ -249,11 +241,6 @@ RUN /app/docker/apt-install.sh \
 # Copy development requirements and install them
 COPY requirements/*.txt requirements/
 # Copy local packages needed for editable installs in development.txt
 COPY superset-core superset-core
 COPY superset-extensions-cli superset-extensions-cli
 # Install Python dependencies using docker/pip-install.sh
 RUN --mount=type=cache,target=${SUPERSET_HOME}/.cache/uv \
    /app/docker/pip-install.sh --requires-build-essential -r requirements/development.txt
@@ -271,15 +258,6 @@ USER superset
 ######################################################################
 FROM lean AS ci
 USER root
-RUN uv pip install .[postgres,duckdb]
+RUN uv pip install .[postgres]
 USER superset
 CMD ["/app/docker/entrypoints/docker-ci.sh"]
 ######################################################################
 # Showtime image - lean + DuckDB for examples database
 ######################################################################
 FROM lean AS showtime
 USER root
 RUN uv pip install .[duckdb]
 USER superset
 CMD ["/app/docker/entrypoints/docker-ci.sh"]
--- a/GEMINI.md
+++ b/GEMINI.md
@@ -1 +1 @@
-AGENTS.md
+LLMS.md
--- a/GPT.md
+++ b/GPT.md
@@ -1 +1 @@
-AGENTS.md
+LLMS.md
--- a/INSTALL.md
+++ b/INSTALL.md
@@ -16,20 +16,8 @@ KIND, either express or implied.  See the License for the
 specific language governing permissions and limitations
 under the License.
 -->
-# Installing Apache Superset
+# INSTALL / BUILD instructions for Apache Superset
-For comprehensive installation instructions, please see the Apache Superset documentation:
+At this time, the docker file at RELEASING/Dockerfile.from_local_tarball
-
+constitutes the recipe on how to get to a working release from a source
-**[📚 Installation Guide →](https://superset.apache.org/docs/installation/installation-methods)**
+release tarball.
 The documentation covers:
 - [Docker Compose](https://superset.apache.org/docs/installation/docker-compose) (recommended for development)
 - [Kubernetes / Helm](https://superset.apache.org/docs/installation/kubernetes)
 - [PyPI](https://superset.apache.org/docs/installation/pypi)
 - [Docker Builds](https://superset.apache.org/docs/installation/docker-builds)
 - [Architecture Overview](https://superset.apache.org/docs/installation/architecture)
 ## Building from Source
 For building from a source release tarball, see the Dockerfile at:
 `RELEASING/Dockerfile.from_local_tarball`
--- a/LLMS.md
+++ b/LLMS.md
@@ -0,0 +1,191 @@
 # LLM Context Guide for Apache Superset
 Apache Superset is a data visualization platform with Flask/Python backend and React/TypeScript frontend.
 ## ⚠️ CRITICAL: Ongoing Refactors (What NOT to Do)
 **These migrations are actively happening - avoid deprecated patterns:**
 ### Frontend Modernization
 - **NO `any` types** - Use proper TypeScript types
 - **NO JavaScript files** - Convert to TypeScript (.ts/.tsx)
 - **Use @superset-ui/core** - Don't import Ant Design directly
 ### Testing Strategy Migration
 - **Prefer unit tests** over integration tests
 - **Prefer integration tests** over Cypress end-to-end tests
 - **Cypress is last resort** - Actively moving away from Cypress
 - **Use Jest + React Testing Library** for component testing
 ### Backend Type Safety
 - **Add type hints** - All new Python code needs proper typing
 - **MyPy compliance** - Run `pre-commit run mypy` to validate
 - **SQLAlchemy typing** - Use proper model annotations
 ### UUID Migration
 - **Prefer UUIDs over auto-incrementing IDs** - New models should use UUID primary keys
 - **External API exposure** - Use UUIDs in public APIs instead of internal integer IDs
 - **Existing models** - Add UUID fields alongside integer IDs for gradual migration
 ## Key Directories
 ```
 superset/
 ├── superset/                    # Python backend (Flask, SQLAlchemy)
 │   ├── views/api/              # REST API endpoints
 │   ├── models/                 # Database models
 │   └── connectors/             # Database connections
 ├── superset-frontend/src/       # React TypeScript frontend
 │   ├── components/             # Reusable components
 │   ├── explore/                # Chart builder
 │   ├── dashboard/              # Dashboard interface
 │   └── SqlLab/                 # SQL editor
 ├── superset-frontend/packages/
 │   └── superset-ui-core/       # UI component library (USE THIS)
 ├── tests/                      # Python/integration tests
 ├── docs/                       # Documentation (UPDATE FOR CHANGES)
 └── UPDATING.md                 # Breaking changes log
 ```
 ## Code Standards
 ### TypeScript Frontend
 - **Avoid `any` types** - Use proper TypeScript, reuse existing types
 - **Functional components** with hooks
 - **@superset-ui/core** for UI components (not direct antd)
 - **Jest** for testing (NO Enzyme)
 - **Redux** for global state where it exists, hooks for local
 ### Python Backend  
 - **Type hints required** for all new code
 - **MyPy compliant** - run `pre-commit run mypy`
 - **SQLAlchemy models** with proper typing
 - **pytest** for testing
 ### Apache License Headers
 - **New files require ASF license headers** - When creating new code files, include the standard Apache Software Foundation license header
 - **LLM instruction files are excluded** - Files like LLMS.md, CLAUDE.md, etc. are in `.rat-excludes` to avoid header token overhead
 ## Documentation Requirements
 - **docs/**: Update for any user-facing changes
 - **UPDATING.md**: Add breaking changes here
 - **Docstrings**: Required for new functions/classes
 ## Architecture Patterns
 ### Security & Features
 - **RBAC**: Role-based access via Flask-AppBuilder
 - **Feature flags**: Control feature rollouts
 - **Row-level security**: SQL-based data access control
 ## Test Utilities
 ### Python Test Helpers
 - **`SupersetTestCase`** - Base class in `tests/integration_tests/base_tests.py`
 - **`@with_config`** - Config mocking decorator
 - **`@with_feature_flags`** - Feature flag testing
 - **`login_as()`, `login_as_admin()`** - Authentication helpers
 - **`create_dashboard()`, `create_slice()`** - Data setup utilities
 ### TypeScript Test Helpers
 - **`superset-frontend/spec/helpers/testing-library.tsx`** - Custom render() with providers
 - **`createWrapper()`** - Redux/Router/Theme wrapper
 - **`selectOption()`** - Select component helper
 - **React Testing Library** - NO Enzyme (removed)
 ### Test Database Patterns
 - **Mock patterns**: Use `MagicMock()` for config objects, avoid `AsyncMock` for synchronous code
 - **API tests**: Update expected columns when adding new model fields
 ### Running Tests
 ```bash
 # Frontend
 npm run test                           # All tests
 npm run test -- filename.test.tsx     # Single file
 # Backend  
 pytest                                 # All tests
 pytest tests/unit_tests/specific_test.py  # Single file
 pytest tests/unit_tests/               # Directory
 # If pytest fails with database/setup issues, ask the user to run test environment setup
 ```
 ## Environment Validation
 **Quick Setup Check (run this first):**
 ```bash
 # Verify Superset is running
 curl -f http://localhost:8088/health || echo "❌ Setup required - see https://superset.apache.org/docs/contributing/development#working-with-llms"
 ```
 **If health checks fail:**
 "It appears you aren't set up properly. Please refer to the [Working with LLMs](https://superset.apache.org/docs/contributing/development#working-with-llms) section in the development docs for setup instructions."
 **Key Project Files:**
 - `superset-frontend/package.json` - Frontend build scripts (`npm run dev` on port 9000, `npm run test`, `npm run lint`)
 - `pyproject.toml` - Python tooling (ruff, mypy configs)
 - `requirements/` folder - Python dependencies (base.txt, development.txt)
 ## SQLAlchemy Query Best Practices  
 - **Use negation operator**: `~Model.field` instead of `== False` to avoid ruff E712 errors
 - **Example**: `~Model.is_active` instead of `Model.is_active == False`
 ## Pre-commit Validation
 **Use pre-commit hooks for quality validation:**
 ```bash
 # Install hooks
 pre-commit install
 # IMPORTANT: Stage your changes first!
 git add .                        # Pre-commit only checks staged files
 # Quick validation (faster than --all-files)
 pre-commit run                   # Staged files only
 pre-commit run mypy              # Python type checking
 pre-commit run prettier          # Code formatting
 pre-commit run eslint            # Frontend linting
 ```
 **Important pre-commit usage notes:**
 - **Stage files first**: Run `git add .` before `pre-commit run` to check only changed files (much faster)
 - **Virtual environment**: Activate your Python virtual environment before running pre-commit
  ```bash
  # Common virtual environment locations (yours may differ):
  source .venv/bin/activate      # if using .venv
  source venv/bin/activate       # if using venv
  source ~/venvs/superset/bin/activate  # if using a central location
  ```
  If you get a "command not found" error, ask the user which virtual environment to activate
 - **Auto-fixes**: Some hooks auto-fix issues (e.g., trailing whitespace). Re-run after fixes are applied
 ## Common File Patterns
 ### API Structure
 - **`/api.py`** - REST endpoints with decorators and OpenAPI docstrings
 - **`/schemas.py`** - Marshmallow validation schemas for OpenAPI spec
 - **`/commands/`** - Business logic classes with @transaction() decorators
 - **`/models/`** - SQLAlchemy database models
 - **OpenAPI docs**: Auto-generated at `/swagger/v1` from docstrings and schemas
 ### Migration Files
 - **Location**: `superset/migrations/versions/`
 - **Naming**: `YYYY-MM-DD_HH-MM_hash_description.py`
 - **Utilities**: Use helpers from `superset.migrations.shared.utils` for database compatibility
 - **Pattern**: Import utilities instead of raw SQLAlchemy operations
 ## Platform-Specific Instructions
 - **[CLAUDE.md](CLAUDE.md)** - For Claude/Anthropic tools
 - **[.github/copilot-instructions.md](.github/copilot-instructions.md)** - For GitHub Copilot  
 - **[GEMINI.md](GEMINI.md)** - For Google Gemini tools
 - **[GPT.md](GPT.md)** - For OpenAI/ChatGPT tools
 - **[.cursor/rules/dev-standard.mdc](.cursor/rules/dev-standard.mdc)** - For Cursor editor
 ---
 **LLM Note**: This codebase is actively modernizing toward full TypeScript and type safety. Always run `pre-commit run` to validate changes. Follow the ongoing refactors section to avoid deprecated patterns.
--- a/29
+++ b/29
@@ -18,7 +18,7 @@
 # Python version installed; we need 3.10-3.11
 PYTHON=`command -v python3.11 || command -v python3.10`
-.PHONY: install superset venv pre-commit up down logs ps nuke ports open
+.PHONY: install superset venv pre-commit
 install: superset pre-commit
@@ -91,7 +91,7 @@ js-format:
 	cd superset-frontend; npm run prettier
 flask-app:
-	flask run -p 8088 --reload --debugger
+	flask run -p 8088 --with-threads --reload --debugger
 node-app:
 	cd superset-frontend; npm run dev-server
@@ -112,28 +112,3 @@ report-celery-beat:
 admin-user:
 	superset fab create-admin
 # Docker Compose with auto-assigned ports (for running multiple instances)
 up:
 	./scripts/docker-compose-up.sh
 up-detached:
 	./scripts/docker-compose-up.sh -d
 down:
 	./scripts/docker-compose-up.sh down
 logs:
 	./scripts/docker-compose-up.sh logs -f
 ps:
 	./scripts/docker-compose-up.sh ps
 nuke:
 	./scripts/docker-compose-up.sh nuke
 ports:
 	./scripts/docker-compose-up.sh ports
 open:
 	./scripts/docker-compose-up.sh open
--- a/README.md
+++ b/README.md
@@ -23,12 +23,8 @@ under the License.
 [![Latest Release on Github](https://img.shields.io/github/v/release/apache/superset?sort=semver)](https://github.com/apache/superset/releases/latest)
 [![Build Status](https://github.com/apache/superset/actions/workflows/superset-python-unittest.yml/badge.svg)](https://github.com/apache/superset/actions)
 [![PyPI version](https://badge.fury.io/py/apache_superset.svg)](https://badge.fury.io/py/apache_superset)
 [![Coverage Status](https://codecov.io/github/apache/superset/coverage.svg?branch=master)](https://codecov.io/github/apache/superset)
 [![PyPI](https://img.shields.io/pypi/pyversions/apache_superset.svg?maxAge=2592000)](https://pypi.python.org/pypi/apache_superset)
 [![GitHub Stars](https://img.shields.io/github/stars/apache/superset?style=social)](https://github.com/apache/superset/stargazers)
 [![Contributors](https://img.shields.io/github/contributors/apache/superset)](https://github.com/apache/superset/graphs/contributors)
 [![Last Commit](https://img.shields.io/github/last-commit/apache/superset)](https://github.com/apache/superset/commits/master)
 [![Open Issues](https://img.shields.io/github/issues/apache/superset)](https://github.com/apache/superset/issues)
 [![Open PRs](https://img.shields.io/github/issues-pr/apache/superset)](https://github.com/apache/superset/pulls)
 [![Get on Slack](https://img.shields.io/badge/slack-join-orange.svg)](http://bit.ly/join-superset-slack)
 [![Documentation](https://img.shields.io/badge/docs-apache.org-blue.svg)](https://superset.apache.org)
@@ -48,18 +44,14 @@ under the License.
 A modern, enterprise-ready business intelligence web application.
 ### Documentation
 - **[User Guide](https://superset.apache.org/user-docs/)** — For analysts and business users. Explore data, build charts, create dashboards, and connect databases.
 - **[Administrator Guide](https://superset.apache.org/admin-docs/)** — Install, configure, and operate Superset. Covers security, scaling, and database drivers.
 - **[Developer Guide](https://superset.apache.org/developer-docs/)** — Contribute to Superset or build on its REST API and extension framework.
 [**Why Superset?**](#why-superset) |
 [**Supported Databases**](#supported-databases) |
 [**Installation and Configuration**](#installation-and-configuration) |
 [**Release Notes**](https://github.com/apache/superset/blob/master/RELEASING/README.md#release-notes-for-recent-releases) |
 [**Get Involved**](#get-involved) |
 [**Contributor Guide**](#contributor-guide) |
 [**Resources**](#resources) |
-[**Organizations Using Superset**](https://superset.apache.org/inTheWild)
+[**Organizations Using Superset**](https://github.com/apache/superset/blob/master/RESOURCES/INTHEWILD.md)
 ## Why Superset?
@@ -93,7 +85,7 @@ Superset provides:
 **Craft Beautiful, Dynamic Dashboards**
-<kbd><img title="View Dashboards" src="https://superset.apache.org/img/screenshots/dashboard.jpg"/></kbd><br/>
+<kbd><img title="View Dashboards" src="https://superset.apache.org/img/screenshots/slack_dash.jpg"/></kbd><br/>
 **No-Code Chart Builder**
@@ -105,77 +97,51 @@ Superset provides:
 ## Supported Databases
-Superset can query data from any SQL-speaking datastore or data engine (Presto, Trino, Athena, [and more](https://superset.apache.org/docs/databases)) that has a Python DB-API driver and a SQLAlchemy dialect.
+Superset can query data from any SQL-speaking datastore or data engine (Presto, Trino, Athena, [and more](https://superset.apache.org/docs/configuration/databases)) that has a Python DB-API driver and a SQLAlchemy dialect.
 Here are some of the major database solutions that are supported:
 <!-- SUPPORTED_DATABASES_START -->
 <p align="center">
-  <a href="https://superset.apache.org/docs/databases/supported/amazon-athena" title="Amazon Athena"><img src="docs/static/img/databases/amazon-athena.jpg" alt="Amazon Athena" width="76" height="40" /></a> &nbsp;
+  <img src="https://superset.apache.org/img/databases/redshift.png" alt="redshift" border="0" width="200"/>
-  <a href="https://superset.apache.org/docs/databases/supported/amazon-dynamodb" title="Amazon DynamoDB"><img src="docs/static/img/databases/aws.png" alt="Amazon DynamoDB" width="40" height="40" /></a> &nbsp;
+  <img src="https://superset.apache.org/img/databases/google-biquery.png" alt="google-bigquery" border="0" width="200"/>
-  <a href="https://superset.apache.org/docs/databases/supported/amazon-redshift" title="Amazon Redshift"><img src="docs/static/img/databases/redshift.png" alt="Amazon Redshift" width="100" height="40" /></a> &nbsp;
+  <img src="https://superset.apache.org/img/databases/snowflake.png" alt="snowflake" border="0" width="200"/>
-  <a href="https://superset.apache.org/docs/databases/supported/apache-doris" title="Apache Doris"><img src="docs/static/img/databases/doris.png" alt="Apache Doris" width="103" height="40" /></a> &nbsp;
+  <img src="https://superset.apache.org/img/databases/trino.png" alt="trino" border="0" width="150" />
-  <a href="https://superset.apache.org/docs/databases/supported/apache-drill" title="Apache Drill"><img src="docs/static/img/databases/apache-drill.png" alt="Apache Drill" width="81" height="40" /></a> &nbsp;
+  <img src="https://superset.apache.org/img/databases/presto.png" alt="presto" border="0" width="200"/>
-  <a href="https://superset.apache.org/docs/databases/supported/apache-druid" title="Apache Druid"><img src="docs/static/img/databases/druid.png" alt="Apache Druid" width="117" height="40" /></a> &nbsp;
+  <img src="https://superset.apache.org/img/databases/databricks.png" alt="databricks" border="0" width="160" />
-  <a href="https://superset.apache.org/docs/databases/supported/apache-hive" title="Apache Hive"><img src="docs/static/img/databases/apache-hive.svg" alt="Apache Hive" width="44" height="40" /></a> &nbsp;
+  <img src="https://superset.apache.org/img/databases/druid.png" alt="druid" border="0" width="200" />
-  <a href="https://superset.apache.org/docs/databases/supported/apache-impala" title="Apache Impala"><img src="docs/static/img/databases/apache-impala.png" alt="Apache Impala" width="21" height="40" /></a> &nbsp;
+  <img src="https://superset.apache.org/img/databases/firebolt.png" alt="firebolt" border="0" width="200" />
-  <a href="https://superset.apache.org/docs/databases/supported/apache-kylin" title="Apache Kylin"><img src="docs/static/img/databases/apache-kylin.png" alt="Apache Kylin" width="44" height="40" /></a> &nbsp;
+  <img src="https://superset.apache.org/img/databases/timescale.png" alt="timescale" border="0" width="200" />
-  <a href="https://superset.apache.org/docs/databases/supported/apache-pinot" title="Apache Pinot"><img src="docs/static/img/databases/apache-pinot.svg" alt="Apache Pinot" width="76" height="40" /></a> &nbsp;
+  <img src="https://superset.apache.org/img/databases/postgresql.png" alt="postgresql" border="0" width="200" />
-  <a href="https://superset.apache.org/docs/databases/supported/apache-solr" title="Apache Solr"><img src="docs/static/img/databases/apache-solr.png" alt="Apache Solr" width="79" height="40" /></a> &nbsp;
+  <img src="https://superset.apache.org/img/databases/mysql.png" alt="mysql" border="0" width="200" />
-  <a href="https://superset.apache.org/docs/databases/supported/apache-spark-sql" title="Apache Spark SQL"><img src="docs/static/img/databases/apache-spark.png" alt="Apache Spark SQL" width="75" height="40" /></a> &nbsp;
+  <img src="https://superset.apache.org/img/databases/mssql-server.png" alt="mssql-server" border="0" width="200" />
-  <a href="https://superset.apache.org/docs/databases/supported/ascend" title="Ascend"><img src="docs/static/img/databases/ascend.webp" alt="Ascend" width="117" height="40" /></a> &nbsp;
+  <img src="https://superset.apache.org/img/databases/ibm-db2.svg" alt="db2" border="0" width="220" />
-  <a href="https://superset.apache.org/docs/databases/supported/aurora-mysql-data-api" title="Aurora MySQL (Data API)"><img src="docs/static/img/databases/mysql.png" alt="Aurora MySQL (Data API)" width="77" height="40" /></a> &nbsp;
+  <img src="https://superset.apache.org/img/databases/sqlite.png" alt="sqlite" border="0" width="200" />
-  <a href="https://superset.apache.org/docs/databases/supported/aurora-postgresql-data-api" title="Aurora PostgreSQL (Data API)"><img src="docs/static/img/databases/postgresql.svg" alt="Aurora PostgreSQL (Data API)" width="76" height="40" /></a> &nbsp;
+  <img src="https://superset.apache.org/img/databases/sybase.png" alt="sybase" border="0" width="200" />
-  <a href="https://superset.apache.org/docs/databases/supported/azure-data-explorer" title="Azure Data Explorer"><img src="docs/static/img/databases/kusto.png" alt="Azure Data Explorer" width="40" height="40" /></a> &nbsp;
+  <img src="https://superset.apache.org/img/databases/mariadb.png" alt="mariadb" border="0" width="200" />
-  <a href="https://superset.apache.org/docs/databases/supported/azure-synapse" title="Azure Synapse"><img src="docs/static/img/databases/azure.svg" alt="Azure Synapse" width="40" height="40" /></a> &nbsp;
+  <img src="https://superset.apache.org/img/databases/vertica.png" alt="vertica" border="0" width="200" />
-  <a href="https://superset.apache.org/docs/databases/supported/clickhouse" title="ClickHouse"><img src="docs/static/img/databases/clickhouse.png" alt="ClickHouse" width="150" height="37" /></a> &nbsp;
+  <img src="https://superset.apache.org/img/databases/oracle.png" alt="oracle" border="0" width="200" />
-  <a href="https://superset.apache.org/docs/databases/supported/cloudflare-d1" title="Cloudflare D1"><img src="docs/static/img/databases/cloudflare.png" alt="Cloudflare D1" width="40" height="40" /></a> &nbsp;
+  <img src="https://superset.apache.org/img/databases/firebird.png" alt="firebird" border="0" width="200" />
-  <a href="https://superset.apache.org/docs/databases/supported/cockroachdb" title="CockroachDB"><img src="docs/static/img/databases/cockroachdb.png" alt="CockroachDB" width="150" height="24" /></a> &nbsp;
+  <img src="https://superset.apache.org/img/databases/greenplum.png" alt="greenplum" border="0" width="200"  />
-  <a href="https://superset.apache.org/docs/databases/supported/couchbase" title="Couchbase"><img src="docs/static/img/databases/couchbase.svg" alt="Couchbase" width="150" height="35" /></a> &nbsp;
+  <img src="https://superset.apache.org/img/databases/clickhouse.png" alt="clickhouse" border="0" width="200" />
-  <a href="https://superset.apache.org/docs/databases/supported/cratedb" title="CrateDB"><img src="docs/static/img/databases/cratedb.svg" alt="CrateDB" width="180" height="24" /></a> &nbsp;
+  <img src="https://superset.apache.org/img/databases/exasol.png" alt="exasol" border="0" width="160" />
-  <a href="https://superset.apache.org/docs/databases/supported/databend" title="Databend"><img src="docs/static/img/databases/databend.png" alt="Databend" width="100" height="40" /></a> &nbsp;
+  <img src="https://superset.apache.org/img/databases/monet-db.png" alt="monet-db" border="0" width="200"  />
-  <a href="https://superset.apache.org/docs/databases/supported/databricks" title="Databricks"><img src="docs/static/img/databases/databricks.png" alt="Databricks" width="152" height="24" /></a> &nbsp;
+  <img src="https://superset.apache.org/img/databases/apache-kylin.png" alt="apache-kylin" border="0" width="80"/>
-  <a href="https://superset.apache.org/docs/databases/supported/denodo" title="Denodo"><img src="docs/static/img/databases/denodo.png" alt="Denodo" width="138" height="40" /></a> &nbsp;
+  <img src="https://superset.apache.org/img/databases/hologres.png" alt="hologres" border="0" width="80"/>
-  <a href="https://superset.apache.org/docs/databases/supported/dremio" title="Dremio"><img src="docs/static/img/databases/dremio.png" alt="Dremio" width="126" height="40" /></a> &nbsp;
+  <img src="https://superset.apache.org/img/databases/netezza.png" alt="netezza" border="0" width="80"/>
-  <a href="https://superset.apache.org/docs/databases/supported/duckdb" title="DuckDB"><img src="docs/static/img/databases/duckdb.png" alt="DuckDB" width="52" height="40" /></a> &nbsp;
+  <img src="https://superset.apache.org/img/databases/pinot.png" alt="pinot" border="0" width="200" />
-  <a href="https://superset.apache.org/docs/databases/supported/elasticsearch" title="Elasticsearch"><img src="docs/static/img/databases/elasticsearch.png" alt="Elasticsearch" width="40" height="40" /></a> &nbsp;
+  <img src="https://superset.apache.org/img/databases/teradata.png" alt="teradata" border="0" width="200" />
-  <a href="https://superset.apache.org/docs/databases/supported/exasol" title="Exasol"><img src="docs/static/img/databases/exasol.png" alt="Exasol" width="72" height="40" /></a> &nbsp;
+  <img src="https://superset.apache.org/img/databases/yugabyte.png" alt="yugabyte" border="0" width="200" />
-  <a href="https://superset.apache.org/docs/databases/supported/firebird" title="Firebird"><img src="docs/static/img/databases/firebird.png" alt="Firebird" width="100" height="40" /></a> &nbsp;
+  <img src="https://superset.apache.org/img/databases/databend.png" alt="databend" border="0" width="200" />
-  <a href="https://superset.apache.org/docs/databases/supported/firebolt" title="Firebolt"><img src="docs/static/img/databases/firebolt.png" alt="Firebolt" width="100" height="40" /></a> &nbsp;
+  <img src="https://superset.apache.org/img/databases/starrocks.png" alt="starrocks" border="0" width="200" />
-  <a href="https://superset.apache.org/docs/databases/supported/google-bigquery" title="Google BigQuery"><img src="docs/static/img/databases/google-big-query.svg" alt="Google BigQuery" width="76" height="40" /></a> &nbsp;
+  <img src="https://superset.apache.org/img/databases/doris.png" alt="doris" border="0" width="200" />
-  <a href="https://superset.apache.org/docs/databases/supported/google-sheets" title="Google Sheets"><img src="docs/static/img/databases/google-sheets.svg" alt="Google Sheets" width="76" height="40" /></a> &nbsp;
+  <img src="https://superset.apache.org/img/databases/oceanbase.svg" alt="oceanbase" border="0" width="220" />
-  <a href="https://superset.apache.org/docs/databases/supported/greenplum" title="Greenplum"><img src="docs/static/img/databases/greenplum.png" alt="Greenplum" width="124" height="40" /></a> &nbsp;
+  <img src="https://superset.apache.org/img/databases/sap-hana.png" alt="sap-hana" border="0" width="220" />
-  <a href="https://superset.apache.org/docs/databases/supported/hologres" title="Hologres"><img src="docs/static/img/databases/hologres.png" alt="Hologres" width="44" height="40" /></a> &nbsp;
+  <img src="https://superset.apache.org/img/databases/denodo.png" alt="denodo" border="0" width="200" />
-  <a href="https://superset.apache.org/docs/databases/supported/ibm-db2" title="IBM Db2"><img src="docs/static/img/databases/ibm-db2.svg" alt="IBM Db2" width="91" height="40" /></a> &nbsp;
+  <img src="https://superset.apache.org/img/databases/ydb.svg" alt="ydb" border="0" width="200" />
-  <a href="https://superset.apache.org/docs/databases/supported/ibm-netezza-performance-server" title="IBM Netezza Performance Server"><img src="docs/static/img/databases/netezza.png" alt="IBM Netezza Performance Server" width="40" height="40" /></a> &nbsp;
+  <img src="https://superset.apache.org/img/databases/tdengine.png" alt="TDengine" border="0" width="200" />
  <a href="https://superset.apache.org/docs/databases/supported/mariadb" title="MariaDB"><img src="docs/static/img/databases/mariadb.png" alt="MariaDB" width="150" height="37" /></a> &nbsp;
  <a href="https://superset.apache.org/docs/databases/supported/microsoft-sql-server" title="Microsoft SQL Server"><img src="docs/static/img/databases/msql.png" alt="Microsoft SQL Server" width="50" height="40" /></a> &nbsp;
  <a href="https://superset.apache.org/docs/databases/supported/monetdb" title="MonetDB"><img src="docs/static/img/databases/monet-db.png" alt="MonetDB" width="100" height="40" /></a> &nbsp;
  <a href="https://superset.apache.org/docs/databases/supported/mongodb" title="MongoDB"><img src="docs/static/img/databases/mongodb.png" alt="MongoDB" width="150" height="38" /></a> &nbsp;
  <a href="https://superset.apache.org/docs/databases/supported/motherduck" title="MotherDuck"><img src="docs/static/img/databases/motherduck.png" alt="MotherDuck" width="40" height="40" /></a> &nbsp;
  <a href="https://superset.apache.org/docs/databases/supported/oceanbase" title="OceanBase"><img src="docs/static/img/databases/oceanbase.svg" alt="OceanBase" width="175" height="24" /></a> &nbsp;
  <a href="https://superset.apache.org/docs/databases/supported/oracle" title="Oracle"><img src="docs/static/img/databases/oraclelogo.png" alt="Oracle" width="111" height="40" /></a> &nbsp;
  <a href="https://superset.apache.org/docs/databases/supported/presto" title="Presto"><img src="docs/static/img/databases/presto-og.png" alt="Presto" width="127" height="40" /></a> &nbsp;
  <a href="https://superset.apache.org/docs/databases/supported/risingwave" title="RisingWave"><img src="docs/static/img/databases/risingwave.svg" alt="RisingWave" width="147" height="40" /></a> &nbsp;
  <a href="https://superset.apache.org/docs/databases/supported/sap-hana" title="SAP HANA"><img src="docs/static/img/databases/sap-hana.png" alt="SAP HANA" width="137" height="40" /></a> &nbsp;
  <a href="https://superset.apache.org/docs/databases/supported/sap-sybase" title="SAP Sybase"><img src="docs/static/img/databases/sybase.png" alt="SAP Sybase" width="100" height="40" /></a> &nbsp;
  <a href="https://superset.apache.org/docs/databases/supported/shillelagh" title="Shillelagh"><img src="docs/static/img/databases/shillelagh.png" alt="Shillelagh" width="40" height="40" /></a> &nbsp;
  <a href="https://superset.apache.org/docs/databases/supported/singlestore" title="SingleStore"><img src="docs/static/img/databases/singlestore.png" alt="SingleStore" width="150" height="31" /></a> &nbsp;
  <a href="https://superset.apache.org/docs/databases/supported/snowflake" title="Snowflake"><img src="docs/static/img/databases/snowflake.svg" alt="Snowflake" width="76" height="40" /></a> &nbsp;
  <a href="https://superset.apache.org/docs/databases/supported/sqlite" title="SQLite"><img src="docs/static/img/databases/sqlite.png" alt="SQLite" width="84" height="40" /></a> &nbsp;
  <a href="https://superset.apache.org/docs/databases/supported/starrocks" title="StarRocks"><img src="docs/static/img/databases/starrocks.png" alt="StarRocks" width="149" height="40" /></a> &nbsp;
  <a href="https://superset.apache.org/docs/databases/supported/superset-meta-database" title="Superset meta database"><img src="docs/static/img/databases/superset.svg" alt="Superset meta database" width="150" height="39" /></a> &nbsp;
  <a href="https://superset.apache.org/docs/databases/supported/tdengine" title="TDengine"><img src="docs/static/img/databases/tdengine.png" alt="TDengine" width="140" height="40" /></a> &nbsp;
  <a href="https://superset.apache.org/docs/databases/supported/teradata" title="Teradata"><img src="docs/static/img/databases/teradata.png" alt="Teradata" width="124" height="40" /></a> &nbsp;
  <a href="https://superset.apache.org/docs/databases/supported/timescaledb" title="TimescaleDB"><img src="docs/static/img/databases/timescale.png" alt="TimescaleDB" width="150" height="36" /></a> &nbsp;
  <a href="https://superset.apache.org/docs/databases/supported/trino" title="Trino"><img src="docs/static/img/databases/trino.png" alt="Trino" width="89" height="40" /></a> &nbsp;
  <a href="https://superset.apache.org/docs/databases/supported/vertica" title="Vertica"><img src="docs/static/img/databases/vertica.png" alt="Vertica" width="128" height="40" /></a> &nbsp;
  <a href="https://superset.apache.org/docs/databases/supported/ydb" title="YDB"><img src="docs/static/img/databases/ydb.svg" alt="YDB" width="110" height="40" /></a> &nbsp;
  <a href="https://superset.apache.org/docs/databases/supported/yugabytedb" title="YugabyteDB"><img src="docs/static/img/databases/yugabyte.png" alt="YugabyteDB" width="150" height="26" /></a>
 </p>
 <!-- SUPPORTED_DATABASES_END -->
-**A more comprehensive list of supported databases** along with the configuration instructions can be found [here](https://superset.apache.org/docs/databases).
+**A more comprehensive list of supported databases** along with the configuration instructions can be found [here](https://superset.apache.org/docs/configuration/databases).
 Want to add support for your datastore or data engine? Read more [here](https://superset.apache.org/docs/frequently-asked-questions#does-superset-work-with-insert-database-engine-here) about the technical requirements.
@@ -195,14 +161,14 @@ Try out Superset's [quickstart](https://superset.apache.org/docs/quickstart/) gu
 ## Contributor Guide
 Interested in contributing? Check out our
-[Developer Guide](https://superset.apache.org/developer-docs/)
+[CONTRIBUTING.md](https://github.com/apache/superset/blob/master/CONTRIBUTING.md)
 to find resources around contributing along with a detailed guide on
 how to set up a development environment.
 ## Resources
- [Superset "In the Wild"](https://superset.apache.org/inTheWild) - see who's using Superset, and [add your organization](https://github.com/apache/superset/edit/master/RESOURCES/INTHEWILD.yaml) to the list!
+- [Superset "In the Wild"](https://github.com/apache/superset/blob/master/RESOURCES/INTHEWILD.md) - open a PR to add your org to the list!
- [Feature Flags](https://superset.apache.org/docs/configuration/feature-flags) - the status of Superset's Feature Flags.
+- [Feature Flags](https://github.com/apache/superset/blob/master/RESOURCES/FEATURE_FLAGS.md) - the status of Superset's Feature Flags.
 - [Standard Roles](https://github.com/apache/superset/blob/master/RESOURCES/STANDARD_ROLES.md) - How RBAC permissions map to roles.
 - [Superset Wiki](https://github.com/apache/superset/wiki) - Tons of additional community resources: best practices, community content and other information.
 - [Superset SIPs](https://github.com/orgs/apache/projects/170) - The status of Superset's SIPs (Superset Improvement Proposals) for both consensus and implementation status.
--- a/RELEASING/Dockerfile.from_local_tarball
+++ b/RELEASING/Dockerfile.from_local_tarball
@@ -14,7 +14,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
-FROM python:3.10-slim-trixie
+FROM python:3.10-slim-bookworm
 RUN useradd --user-group --create-home --no-log-init --shell /bin/bash superset
--- a/RELEASING/Dockerfile.from_svn_tarball
+++ b/RELEASING/Dockerfile.from_svn_tarball
@@ -14,7 +14,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
-FROM python:3.10-slim-trixie
+FROM python:3.10-slim-bookworm
 RUN useradd --user-group --create-home --no-log-init --shell /bin/bash superset
--- a/RELEASING/Dockerfile.make_docs
+++ b/RELEASING/Dockerfile.make_docs
@@ -14,7 +14,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
-FROM python:3.10-slim-trixie
+FROM python:3.10-slim-bookworm
 ARG VERSION
 RUN git clone --depth 1 --branch ${VERSION} https://github.com/apache/superset.git /superset
--- a/RELEASING/Dockerfile.make_tarball
+++ b/RELEASING/Dockerfile.make_tarball
@@ -14,7 +14,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
-FROM python:3.10-slim-trixie
+FROM python:3.10-slim-bookworm
 RUN apt-get update -y
 RUN apt-get install -y \
--- a/RELEASING/README.md
+++ b/RELEASING/README.md
@@ -458,7 +458,7 @@ cd ../
 sed -i '' "s/version_string = .*/version_string = \"$SUPERSET_VERSION\"/" setup.py
 # build the python distribution
-python -m build
+python setup.py sdist
 ```
 Publish to PyPI
@@ -469,10 +469,6 @@ an account first if you don't have one, and reference your username
 while requesting access to push packages.
 ```bash
 # Run this first to make sure you are uploading the right version.
 # Pypi does not allow you to delete or retract once uplaoded.
 twine check dist/*
 twine upload dist/*
 ```
@@ -522,8 +518,6 @@ takes the version (ie `3.1.1`), the git reference (any SHA, tag or branch
 reference), and whether to force the `latest` Docker tag on the
 generated images.
 **NOTE:** If the docker image isn't built, you'll need to run this [GH action](https://github.com/apache/superset/actions/workflows/tag-release.yml) where you provide it the tag sha.
 ### Npm Release
 You might want to publish the latest @superset-ui release to npm
--- a/RELEASING/make_tarball.sh
+++ b/RELEASING/make_tarball.sh
@@ -32,10 +32,11 @@ else
  SUPERSET_VERSION="${1}"
  SUPERSET_RC="${2}"
  SUPERSET_PGP_FULLNAME="${3}"
  SUPERSET_VERSION_RC="${SUPERSET_VERSION}rc${SUPERSET_RC}"
  SUPERSET_RELEASE_RC_TARBALL="apache_superset-${SUPERSET_VERSION_RC}-source.tar.gz"
 fi
 SUPERSET_VERSION_RC="${SUPERSET_VERSION}rc${SUPERSET_RC}"
 if [ -z "${SUPERSET_SVN_DEV_PATH}" ]; then
  SUPERSET_SVN_DEV_PATH="$HOME/svn/superset_dev"
 fi
--- a/RELEASING/release-notes-1-0/README.md
+++ b/RELEASING/release-notes-1-0/README.md
@@ -92,7 +92,7 @@ Some of the new features in this release are disabled by default. Each has a fea
 | Feature | Feature Flag | Dependencies | Documentation
 | --- | --- | --- | --- |
-| Global Async Queries | `GLOBAL_ASYNC_QUERIES: True` | Redis 5.0+, celery workers configured and running | [Extra documentation](https://superset.apache.org/docs/contributing/misc#async-chart-queries)
+| Global Async Queries | `GLOBAL_ASYNC_QUERIES: True` | Redis 5.0+, celery workers configured and running | [Extra documentation](https://github.com/apache/superset/blob/master/CONTRIBUTING.md#async-chart-queries )
 | Dashboard Native Filters | `DASHBOARD_NATIVE_FILTERS: True` | |
 | Alerts & Reporting | `ALERT_REPORTS: True` | [Celery workers configured & celery beat process](https://superset.apache.org/docs/installation/async-queries-celery) |
 | Homescreen Thumbnails | `THUMBNAILS: TRUE, THUMBNAIL_CACHE_CONFIG: CacheConfig = { "CACHE_TYPE": "null", "CACHE_NO_NULL_WARNING": True}`| selenium, pillow 7, celery |
--- a/RESOURCES/FEATURE_FLAGS.md
+++ b/RESOURCES/FEATURE_FLAGS.md
@@ -0,0 +1,102 @@
 <!--
 Licensed to the Apache Software Foundation (ASF) under one
 or more contributor license agreements.  See the NOTICE file
 distributed with this work for additional information
 regarding copyright ownership.  The ASF licenses this file
 to you under the Apache License, Version 2.0 (the
 "License"); you may not use this file except in compliance
 with the License.  You may obtain a copy of the License at
  http://www.apache.org/licenses/LICENSE-2.0
 Unless required by applicable law or agreed to in writing,
 software distributed under the License is distributed on an
 "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 KIND, either express or implied.  See the License for the
 specific language governing permissions and limitations
 under the License.
 -->
 # Superset Feature Flags
 This is a list of the current Superset optional features. See config.py for default values. These features can be turned on/off by setting your preferred values in superset_config.py to True/False respectively
 ## In Development
 These features are considered **unfinished** and should only be used on development environments.
 [//]: # "PLEASE KEEP THE LIST SORTED ALPHABETICALLY"
 - ALERT_REPORT_TABS
 - ENABLE_ADVANCED_DATA_TYPES
 - PRESTO_EXPAND_DATA
 - SHARE_QUERIES_VIA_KV_STORE
 - TAGGING_SYSTEM
 - CHART_PLUGINS_EXPERIMENTAL
 ## In Testing
 These features are **finished** but currently being tested. They are usable, but may still contain some bugs.
 [//]: # "PLEASE KEEP THE LIST SORTED ALPHABETICALLY"
 - ALERT_REPORTS: [(docs)](https://superset.apache.org/docs/configuration/alerts-reports)
 - ALLOW_FULL_CSV_EXPORT
 - CACHE_IMPERSONATION
 - CONFIRM_DASHBOARD_DIFF
 - DYNAMIC_PLUGINS
 - DATE_FORMAT_IN_EMAIL_SUBJECT: [(docs)](https://superset.apache.org/docs/configuration/alerts-reports#commons)
 - ENABLE_SUPERSET_META_DB: [(docs)](https://superset.apache.org/docs/configuration/databases/#querying-across-databases)
 - ESTIMATE_QUERY_COST
 - GLOBAL_ASYNC_QUERIES [(docs)](https://github.com/apache/superset/blob/master/CONTRIBUTING.md#async-chart-queries)
 - IMPERSONATE_WITH_EMAIL_PREFIX
 - PLAYWRIGHT_REPORTS_AND_THUMBNAILS
 - RLS_IN_SQLLAB
 - SSH_TUNNELING [(docs)](https://superset.apache.org/docs/configuration/setup-ssh-tunneling)
 - USE_ANALAGOUS_COLORS
 ## Stable
 These features flags are **safe for production**. They have been tested and will be supported for the at least the current major version cycle.
 [//]: # "PLEASE KEEP THESE LISTS SORTED ALPHABETICALLY"
 ### Flags on the path to feature launch and flag deprecation/removal
 - DASHBOARD_VIRTUALIZATION
 ### Flags retained for runtime configuration
 Currently some of our feature flags act as dynamic configurations that can changed
 on the fly. This acts in contradiction with the typical ephemeral feature flag use case,
 where the flag is used to mature a feature, and eventually deprecated once the feature is
 solid. Eventually we'll likely refactor these under a more formal "dynamic configurations" managed
 independently. This new framework will also allow for non-boolean configurations.
 - ALERTS_ATTACH_REPORTS
 - ALLOW_ADHOC_SUBQUERY
 - DASHBOARD_RBAC [(docs)](https://superset.apache.org/docs/using-superset/creating-your-first-dashboard#manage-access-to-dashboards)
 - DATAPANEL_CLOSED_BY_DEFAULT
 - DRILL_BY
 - DRUID_JOINS
 - EMBEDDABLE_CHARTS
 - EMBEDDED_SUPERSET
 - ENABLE_TEMPLATE_PROCESSING
 - ESCAPE_MARKDOWN_HTML
 - LISTVIEWS_DEFAULT_CARD_VIEW
 - SCHEDULED_QUERIES [(docs)](https://superset.apache.org/docs/configuration/alerts-reports)
 - SLACK_ENABLE_AVATARS (see `superset/config.py` for more information)
 - SQLLAB_BACKEND_PERSISTENCE
 - SQL_VALIDATORS_BY_ENGINE [(docs)](https://superset.apache.org/docs/configuration/sql-templating)
 - THUMBNAILS [(docs)](https://superset.apache.org/docs/configuration/cache)
 ## Deprecated Flags
 These features flags currently default to True and **will be removed in a future major release**. For this current release you can turn them off by setting your config to False, but it is advised to remove or set these flags in your local configuration to **True** so that you do not experience any unexpected changes in a future release.
 [//]: # "PLEASE KEEP THE LIST SORTED ALPHABETICALLY"
 - AVOID_COLORS_COLLISION
 - DRILL_TO_DETAIL
 - ENABLE_JAVASCRIPT_CONTROLS
 - KV_STORE
--- a/RESOURCES/INTHEWILD.md
+++ b/RESOURCES/INTHEWILD.md
@@ -0,0 +1,226 @@
 <!--
 Licensed to the Apache Software Foundation (ASF) under one
 or more contributor license agreements.  See the NOTICE file
 distributed with this work for additional information
 regarding copyright ownership.  The ASF licenses this file
 to you under the Apache License, Version 2.0 (the
 "License"); you may not use this file except in compliance
 with the License.  You may obtain a copy of the License at
  http://www.apache.org/licenses/LICENSE-2.0
 Unless required by applicable law or agreed to in writing,
 software distributed under the License is distributed on an
 "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 KIND, either express or implied.  See the License for the
 specific language governing permissions and limitations
 under the License.
 -->
 ## Superset Users in the Wild
 Here's a list of organizations, broken down into broad industry categories, that have taken the time to send a PR to let
 the world know they are using Apache Superset. If you are a user and want to be recognized,
 all you have to do is file a simple PR [like this one](https://github.com/apache/superset/pull/10122) — [just click here](https://github.com/apache/superset/edit/master/RESOURCES/INTHEWILD.md) to do so. If you think
 the categorization is inaccurate, please file a PR with your correction as well.
 Join our growing community!
 ### Sharing Economy
 - [Airbnb](https://github.com/airbnb)
 - [Faasos](https://faasos.com/) [@shashanksingh]
 - [Free2Move](https://www.free2move.com/) [@PaoloTerzi]
 - [Hostnfly](https://www.hostnfly.com/) [@alexisrosuel]
 - [Lime](https://www.li.me/) [@cxmcc]
 - [Lyft](https://www.lyft.com/)
 - [Ontruck](https://www.ontruck.com/)
 ### Financial Services
 - [Aktia Bank plc](https://www.aktia.com)
 - [American Express](https://www.americanexpress.com) [@TheLastSultan]
 - [bumper](https://www.bumper.co/) [@vasu-ram, @JamiePercival]
 - [Cape Crypto](https://capecrypto.com)
 - [Capital Service S.A.](https://capitalservice.pl) [@pkonarzewski]
 - [Clark.de](https://clark.de/)
 - [Europace](https://europace.de)
 - [KarrotPay](https://www.daangnpay.com/)
 - [Remita](https://remita.net) [@mujibishola]
 - [Taveo](https://www.taveo.com) [@codek]
 - [Unit](https://www.unit.co/about-us) [@amitmiran137]
 - [Wise](https://wise.com) [@koszti]
 - [Xendit](https://xendit.co/) [@LieAlbertTriAdrian]
 - [Cover Genius](https://covergenius.com/)
 ### Gaming
 - [Popoko VM Games Studio](https://popoko.live)
 ### E-Commerce
 - [AiHello](https://www.aihello.com) [@ganeshkrishnan1]
 - [Bazaar Technologies](https://www.bazaartech.com) [@umair-abro]
 - [Dragonpass](https://www.dragonpass.com.cn/) [@zhxjdwh]
 - [Dropit Shopping](https://www.dropit.shop/) [@dropit-dev]
 - [Fanatics](https://www.fanatics.com/) [@coderfender]
 - [Fordeal](https://www.fordeal.com) [@Renkai]
 - [Fynd](https://www.fynd.com/) [@darpanjain07]
 - [GFG - Global Fashion Group](https://global-fashion-group.com) [@ksaagariconic]
 - [GoTo/Gojek](https://www.gojek.io/) [@gwthm-in]
 - [HuiShouBao](https://www.huishoubao.com/) [@Yukinoshita-Yukino]
 - [Now](https://www.now.vn/) [@davidkohcw]
 - [Qunar](https://www.qunar.com/) [@flametest]
 - [Rakuten Viki](https://www.viki.com)
 - [Shopee](https://shopee.sg) [@xiaohanyu]
 - [Shopkick](https://www.shopkick.com) [@LAlbertalli]
 - [ShopUp](https://www.shopup.org/) [@gwthm-in]
 - [Tails.com](https://tails.com/gb/) [@alanmcruickshank]
 - [THE ICONIC](https://theiconic.com.au/) [@ksaagariconic]
 - [Utair](https://www.utair.ru) [@utair-digital]
 - [VkusVill](https://vkusvill.ru/) [@ETselikov]
 - [Zalando](https://www.zalando.com) [@dmigo]
 - [Zalora](https://www.zalora.com) [@ksaagariconic]
 - [Zepto](https://www.zeptonow.com/) [@gwthm-in]
 ### Enterprise Technology
 - [A3Data](https://a3data.com.br) [@neylsoncrepalde]
 - [Analytics Aura](https://analyticsaura.com/) [@Analytics-Aura]
 - [Apollo GraphQL](https://www.apollographql.com/) [@evans]
 - [Astronomer](https://www.astronomer.io) [@ryw]
 - [Avesta Technologies](https://avestatechnologies.com/) [@TheRum]
 - [Caizin](https://caizin.com/) [@tejaskatariya]
 - [Canonical](https://canonical.com)
 - [Careem](https://www.careem.com/) [@samraHanif0340]
 - [Cloudsmith](https://cloudsmith.io) [@alancarson]
 - [Cyberhaven](https://www.cyberhaven.com/) [@toliver-ch]
 - [Deepomatic](https://deepomatic.com/) [@Zanoellia]
 - [Dial Once](https://www.dial-once.com/)
 - [Dremio](https://dremio.com) [@narendrans]
 - [EFinance](https://www.efinance.com.eg) [@habeeb556]
 - [Elestio](https://elest.io/) [@kaiwalyakoparkar]
 - [ELMO Cloud HR & Payroll](https://elmosoftware.com.au/)
 - [Endress+Hauser](https://www.endress.com/) [@rumbin]
 - [FBK - ICT center](https://ict.fbk.eu)
 - [Formbricks](https://formbricks.com)
 - [Gavagai](https://gavagai.io) [@gavagai-corp]
 - [GfK Data Lab](https://www.gfk.com/home) [@mherr]
 - [HPE](https://www.hpe.com/in/en/home.html) [@anmol-hpe]
 - [Hydrolix](https://www.hydrolix.io/)
 - [Intercom](https://www.intercom.com/) [@kate-gallo]
 - [jampp](https://jampp.com/)
 - [Konfío](https://konfio.mx) [@uis-rodriguez]
 - [Mainstrat](https://mainstrat.com/)
 - [mishmash io](https://mishmash.io/) [@mishmash-io]
 - [Myra Labs](https://www.myralabs.com/) [@viksit]
 - [Nielsen](https://www.nielsen.com/) [@amitNielsen]
 - [Ona](https://ona.io) [@pld]
 - [Orange](https://www.orange.com) [@icsu]
 - [Oslandia](https://oslandia.com)
 - [Oxylabs](https://oxylabs.io/) [@rytis-ulys]
 - [Peak AI](https://www.peak.ai/) [@azhar22k]
 - [PeopleDoc](https://www.people-doc.com) [@rodo]
 - [PlaidCloud](https://www.plaidcloud.com)
 - [Preset, Inc.](https://preset.io)
 - [PubNub](https://pubnub.com) [@jzucker2]
 - [ReadyTech](https://www.readytech.io)
 - [Reward Gateway](https://www.rewardgateway.com)
 - [RIADVICE](https://riadvice.tn) [@riadvice]
 - [ScopeAI](https://www.getscopeai.com) [@iloveluce]
 - [shipmnts](https://shipmnts.com)
 - [Showmax](https://showmax.com) [@bobek]
 - [SingleStore](https://www.singlestore.com/)
 - [TechAudit](https://www.techaudit.info) [@ETselikov]
 - [Tenable](https://www.tenable.com) [@dflionis]
 - [Tentacle](https://www.linkedin.com/company/tentacle-cmi/) [@jdclarke5]
 - [timbr.ai](https://timbr.ai/) [@semantiDan]
 - [Tobii](https://www.tobii.com/) [@dwa]
 - [Tooploox](https://www.tooploox.com/) [@jakubczaplicki]
 - [Unvired](https://unvired.com) [@srinisubramanian]
 - [Virtuoso QA](https://www.virtuosoqa.com)
 - [Whale](https://whale.im)
 - [Windsor.ai](https://www.windsor.ai/) [@octaviancorlade]
 - [WinWin Network马上赢](https://brandct.cn/) [@wenbinye]
 - [Zeta](https://www.zeta.tech/) [@shaikidris]
 ### Media & Entertainment
 - [6play](https://www.6play.fr) [@CoryChaplin]
 - [bilibili](https://www.bilibili.com) [@Moinheart]
 - [BurdaForward](https://www.burda-forward.de/en/)
 - [Douban](https://www.douban.com/) [@luchuan]
 - [Kuaishou](https://www.kuaishou.com/) [@zhaoyu89730105]
 - [Netflix](https://www.netflix.com/)
 - [Prensa Iberica](https://www.prensaiberica.es/) [@zamar-roura]
 - [TME QQMUSIC/WESING](https://www.tencentmusic.com/) [@shenyuanli,@marklaw]
 - [Xite](https://xite.com/) [@shashankkoppar]
 - [Zaihang](https://www.zaih.com/)
 ### Education
 - [Aveti Learning](https://avetilearning.com/) [@TheShubhendra]
 - [Brilliant.org](https://brilliant.org/)
 - [Open edX](https://openedx.org/)
 - [Platzi.com](https://platzi.com/)
 - [Sunbird](https://www.sunbird.org/) [@eksteporg]
 - [The GRAPH Network](https://thegraphnetwork.org/) [@fccoelho]
 - [Udemy](https://www.udemy.com/) [@sungjuly]
 - [VIPKID](https://www.vipkid.com.cn/) [@illpanda]
 - [WikiMedia Foundation](https://wikimediafoundation.org) [@vg]
 ### Energy
 - [Airboxlab](https://foobot.io) [@antoine-galataud]
 - [DouroECI](https://www.douroeci.com/) [@nunohelibeires]
 - [Safaricom](https://www.safaricom.co.ke/) [@mmutiso]
 - [Scoot](https://scoot.co/) [@haaspt]
 - [Wattbewerb](https://wattbewerb.de/) [@wattbewerb]
 ### Healthcare
 - [Amino](https://amino.com) [@shkr]
 - [Bluesquare](https://www.bluesquarehub.com/) [@madewulf]
 - [Care](https://www.getcare.io/) [@alandao2021]
 - [Living Goods](https://www.livinggoods.org) [@chelule]
 - [Maieutical Labs](https://maieuticallabs.it) [@xrmx]
 - [Medic](https://medic.org) [@1yuv]
 - [REDCap Cloud](https://www.redcapcloud.com/)
 - [TrustMedis](https://trustmedis.com/) [@famasya]
 - [WeSure](https://www.wesure.cn/)
 - [2070Health](https://2070health.com/)
 ### HR / Staffing
 - [Swile](https://www.swile.co/) [@PaoloTerzi]
 - [Symmetrics](https://www.symmetrics.fyi)
 - [bluquist](https://bluquist.com/)
 ### Government
 - [City of Ann Arbor, MI](https://www.a2gov.org/) [@sfirke]
 - [RIS3 Strategy of CZ, MIT CR](https://www.ris3.cz/) [@RIS3CZ]
 - [NRLM - Sarathi, India](https://pib.gov.in/PressReleasePage.aspx?PRID=1999586)
 ### Travel
 - [Agoda](https://www.agoda.com/) [@lostseaway, @maiake, @obombayo]
 - [HomeToGo](https://hometogo.com/) [@pedromartinsteenstrup]
 - [Skyscanner](https://www.skyscanner.net/) [@cleslie, @stanhoucke]
 ### Others
 - [10Web](https://10web.io/)
 - [AI inside](https://inside.ai/en/)
 - [Automattic](https://automattic.com/) [@Khrol, @Usiel]
 - [Dropbox](https://www.dropbox.com/) [@bkyryliuk]
 - [Flowbird](https://flowbird.com) [@EmmanuelCbd]
 - [GEOTAB](https://www.geotab.com) [@JZ6]
 - [Grassroot](https://www.grassrootinstitute.org/)
 - [Increff](https://www.increff.com/) [@ishansinghania]
 - [komoot](https://www.komoot.com/) [@christophlingg]
 - [Let's Roam](https://www.letsroam.com/)
 - [Machrent SA](https://www.machrent.com/)
 - [Onebeat](https://1beat.com/) [@GuyAttia]
 - [X](https://x.com/)
 - [VLMedia](https://www.vlmedia.com.tr/) [@ibotheperfect]
 - [Yahoo!](https://yahoo.com/)
--- a/RESOURCES/INTHEWILD.yaml
+++ b/RESOURCES/INTHEWILD.yaml
@@ -1,703 +0,0 @@
 # Licensed to the Apache Software Foundation (ASF) under one
 # or more contributor license agreements.  See the NOTICE file
 # distributed with this work for additional information
 # regarding copyright ownership.  The ASF licenses this file
 # to you under the Apache License, Version 2.0 (the
 # "License"); you may not use this file except in compliance
 # with the License.  You may obtain a copy of the License at
 #
 #   http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing,
 # software distributed under the License is distributed on an
 # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 # KIND, either express or implied.  See the License for the
 # specific language governing permissions and limitations
 # under the License.
 # Apache Superset Users in the Wild
 #
 # To add your organization:
 # 1. Find the appropriate category (or add a new one)
 # 2. Add an entry with your organization details
 # 3. Optionally add a logo file to docs/static/img/logos/
 #
 # Required fields:
 #   - name: Your organization name
 #   - url: Link to your organization's website
 #
 # Optional fields:
 #   - logo: Filename of logo in docs/static/img/logos/ (e.g., "mycompany.svg")
 #   - contributors: List of GitHub usernames who contributed (e.g., ["@username"])
 categories:
  Sharing Economy:
    - name: Airbnb
      url: https://github.com/airbnb
    - name: Faasos
      url: https://faasos.com/
      contributors: ["@shashanksingh"]
    - name: Free2Move
      url: https://www.free2move.com/
      contributors: ["@PaoloTerzi"]
    - name: Hostnfly
      url: https://www.hostnfly.com/
      contributors: ["@alexisrosuel"]
    - name: Lime
      url: https://www.li.me/
      contributors: ["@cxmcc"]
    - name: Lyft
      url: https://www.lyft.com/
    - name: Ontruck
      url: https://www.ontruck.com/
  Financial Services:
    - name: Aadhar Housing Finance Limited
      url: https://www.aadharhousing.com
      contributors: ["@thakerhardiks"]
    - name: Aktia Bank plc
      url: https://www.aktia.com
    - name: American Express
      url: https://www.americanexpress.com
      contributors: ["@TheLastSultan"]
    - name: bumper
      url: https://www.bumper.co/
      contributors: ["@vasu-ram", "@JamiePercival"]
    - name: Cape Crypto
      url: https://capecrypto.com
    - name: Capital Service S.A.
      url: https://capitalservice.pl
      contributors: ["@pkonarzewski"]
    - name: Clark.de
      url: https://clark.de/
    - name: EnquiryLabs
      url: https://www.enquirylabs.co.uk
    - name: Europace
      url: https://europace.de
    - name: KarrotPay
      url: https://www.daangnpay.com/
    - name: Remita
      url: https://remita.net
      contributors: ["@mujibishola"]
    - name: Taveo
      url: https://www.taveo.com
      contributors: ["@codek"]
    - name: Unit
      url: https://www.unit.co/about-us
      contributors: ["@amitmiran137"]
    - name: Wise
      url: https://wise.com
      contributors: ["@koszti"]
    - name: Xendit
      url: https://xendit.co/
      contributors: ["@LieAlbertTriAdrian"]
    - name: Cover Genius
      url: https://covergenius.com/
  Gaming:
    - name: Popoko VM Games Studio
      url: https://popoko.live
  E-Commerce:
    - name: AiHello
      url: https://www.aihello.com
      contributors: ["@ganeshkrishnan1"]
    - name: Bazaar Technologies
      url: https://www.bazaartech.com
      contributors: ["@umair-abro"]
    - name: Blinkit
      url: https://www.blinkit.com/
      contributors: ["@amsharm2"]
    - name: Dragonpass
      url: https://www.dragonpass.com.cn/
      contributors: ["@zhxjdwh"]
    - name: Dropit Shopping
      url: https://www.dropit.shop/
      contributors: ["@dropit-dev"]
    - name: Fordeal
      url: https://www.fordeal.com
      contributors: ["@Renkai"]
    - name: Fynd
      url: https://www.fynd.com/
      contributors: ["@darpanjain07"]
    - name: GFG - Global Fashion Group
      url: https://global-fashion-group.com
      contributors: ["@ksaagariconic"]
    - name: GoTo/Gojek
      url: https://www.gojek.io/
      contributors: ["@gwthm-in"]
    - name: HuiShouBao
      url: https://www.huishoubao.com/
      contributors: ["@Yukinoshita-Yukino"]
    - name: Now
      url: https://www.now.vn/
      contributors: ["@davidkohcw"]
    - name: Qunar
      url: https://www.qunar.com/
      contributors: ["@flametest"]
    - name: Rakuten Viki
      url: https://www.viki.com
    - name: Shopee
      url: https://shopee.sg
      contributors: ["@xiaohanyu"]
    - name: Shopkick
      url: https://www.shopkick.com
      contributors: ["@LAlbertalli"]
    - name: ShopUp
      url: https://www.shopup.org/
      contributors: ["@gwthm-in"]
    - name: Tails.com
      url: https://tails.com/gb/
      contributors: ["@alanmcruickshank"]
    - name: THE ICONIC
      url: https://theiconic.com.au/
      contributors: ["@ksaagariconic"]
    - name: Utair
      url: https://www.utair.ru
      contributors: ["@utair-digital"]
    - name: VkusVill
      url: https://vkusvill.ru/
      contributors: ["@ETselikov"]
    - name: Zalando
      url: https://www.zalando.com
      contributors: ["@dmigo"]
    - name: Zalora
      url: https://www.zalora.com
      contributors: ["@ksaagariconic"]
    - name: Zepto
      url: https://www.zeptonow.com/
      contributors: ["@gwthm-in"]
  Enterprise Technology:
    - name: A3Data
      url: https://a3data.com.br
      contributors: ["@neylsoncrepalde"]
    - name: Analytics Aura
      url: https://analyticsaura.com/
      contributors: ["@Analytics-Aura"]
    - name: Apollo GraphQL
      url: https://www.apollographql.com/
      contributors: ["@evans"]
    - name: Astronomer
      url: https://www.astronomer.io
      contributors: ["@ryw"]
    - name: Avesta Technologies
      url: https://avestatechnologies.com/
      contributors: ["@TheRum"]
    - name: Caizin
      url: https://caizin.com/
      contributors: ["@tejaskatariya"]
    - name: Canonical
      url: https://canonical.com
    - name: Careem
      url: https://www.careem.com/
      contributors: ["@samraHanif0340"]
    - name: Cloudsmith
      url: https://cloudsmith.io
      contributors: ["@alancarson"]
    - name: Cyberhaven
      url: https://www.cyberhaven.com/
      contributors: ["@toliver-ch"]
    - name: Deepomatic
      url: https://deepomatic.com/
      contributors: ["@Zanoellia"]
    - name: Dial Once
      url: https://www.dial-once.com/
    - name: Dremio
      url: https://dremio.com
      contributors: ["@narendrans"]
    - name: EFinance
      url: https://www.efinance.com.eg
      contributors: ["@habeeb556"]
    - name: Elestio
      url: https://elest.io/
      contributors: ["@kaiwalyakoparkar"]
    - name: ELMO Cloud HR & Payroll
      url: https://elmosoftware.com.au/
    - name: Endress+Hauser
      url: https://www.endress.com/
      contributors: ["@rumbin"]
    - name: FBK - ICT center
      url: https://ict.fbk.eu
    - name: Formbricks
      url: https://formbricks.com
    - name: Gavagai
      url: https://gavagai.io
      contributors: ["@gavagai-corp"]
    - name: GfK Data Lab
      url: https://www.gfk.com/home
      contributors: ["@mherr"]
    - name: Hifadih Business & Technology
      url: https://hifadih.net/en
      logo: hifadih.png
      contributors: ["@saintLaurent00"]
    # Logo approved by @anmol-hpe on behalf of HPE
    - name: HPE
      url: https://www.hpe.com/in/en/home.html
      logo: hpe.png
      contributors: ["@anmol-hpe"]
    - name: Hydrolix
      url: https://www.hydrolix.io/
    - name: Intercom
      url: https://www.intercom.com/
      contributors: ["@kate-gallo"]
    - name: jampp
      url: https://jampp.com/
    - name: Konfío
      url: https://konfio.mx
      contributors: ["@uis-rodriguez"]
    - name: Mainstrat
      url: https://mainstrat.com/
    - name: mishmash io
      url: https://mishmash.io/
      contributors: ["@mishmash-io"]
    - name: Myra Labs
      url: https://www.myralabs.com/
      contributors: ["@viksit"]
    - name: Nielsen
      url: https://www.nielsen.com/
      contributors: ["@amitNielsen"]
    - name: Ona
      url: https://ona.io
      contributors: ["@pld"]
    - name: Orange
      url: https://www.orange.com
      contributors: ["@icsu"]
    - name: Oslandia
      url: https://oslandia.com
    - name: Oxylabs
      url: https://oxylabs.io/
      contributors: ["@rytis-ulys"]
    - name: Peak AI
      url: https://www.peak.ai/
      contributors: ["@azhar22k"]
    - name: PeopleDoc
      url: https://www.people-doc.com
      contributors: ["@rodo"]
    - name: PlaidCloud
      url: https://plaidcloud.com
      logo: plaidcloud.svg
      contributors: ["@rad-pat"]
    - name: Preset, Inc.
      url: https://preset.io
      logo: preset.svg
      contributors: ["@mistercrunch", "@betodealmeida", "@dpgaspar", "@rusackas", "@sadpandajoe", "@Vitor-Avila", "@kgabryje", "@geido", "@eschutho", "@Antonio-RiveroMartnez", "@yousoph"]
    - name: PubNub
      url: https://pubnub.com
      contributors: ["@jzucker2"]
    - name: ReadyTech
      url: https://www.readytech.io
    - name: Reward Gateway
      url: https://www.rewardgateway.com
    - name: RIADVICE
      url: https://riadvice.tn
      contributors: ["@riadvice"]
    - name: ScopeAI
      url: https://www.getscopeai.com
      contributors: ["@iloveluce"]
    - name: shipmnts
      url: https://shipmnts.com
    - name: Showmax
      url: https://showmax.com
      contributors: ["@bobek"]
    - name: SingleStore
      url: https://www.singlestore.com/
    - name: TechAudit
      url: https://www.techaudit.info
      contributors: ["@ETselikov"]
    - name: Tenable
      url: https://www.tenable.com
      contributors: ["@dflionis"]
    - name: Tentacle
      url: https://www.linkedin.com/company/tentacle-cmi/
      contributors: ["@jdclarke5"]
    - name: timbr.ai
      url: https://timbr.ai/
      contributors: ["@semantiDan"]
    - name: Tobii
      url: https://www.tobii.com/
      contributors: ["@dwa"]
    - name: Tooploox
      url: https://www.tooploox.com/
      contributors: ["@jakubczaplicki"]
    - name: Unvired
      url: https://unvired.com
      contributors: ["@srinisubramanian"]
    - name: UserGuiding
      url: https://userguiding.com/
      logo: userguiding.svg
      contributors: ["@tzercin"]
    - name: Virtuoso QA
      url: https://www.virtuosoqa.com
    - name: Whale
      url: https://whale.im
    - name: Windsor.ai
      url: https://www.windsor.ai/
      contributors: ["@octaviancorlade"]
    - name: WinWin Network马上赢
      url: https://brandct.cn/
      contributors: ["@wenbinye"]
    - name: XNET
      url: https://xnetmobile.com/
      logo: xnet.png
      contributors: ["@deuspt"]
    - name: Zeta
      url: https://www.zeta.tech/
      contributors: ["@shaikidris"]
  Media & Entertainment:
    - name: 6play
      url: https://www.6play.fr
      contributors: ["@CoryChaplin"]
    - name: bilibili
      url: https://www.bilibili.com
      contributors: ["@Moinheart"]
    - name: BurdaForward
      url: https://www.burda-forward.de/en/
    - name: Douban
      url: https://www.douban.com/
      contributors: ["@luchuan"]
    - name: Kuaishou
      url: https://www.kuaishou.com/
      contributors: ["@zhaoyu89730105"]
    - name: Netflix
      url: https://www.netflix.com/
    - name: Prensa Iberica
      url: https://www.prensaiberica.es/
      contributors: ["@zamar-roura"]
    - name: TME QQMUSIC/WESING
      url: https://www.tencentmusic.com/
      contributors: ["@shenyuanli", "@marklaw"]
    - name: Xite
      url: https://xite.com/
      contributors: ["@shashankkoppar"]
    - name: Zaihang
      url: https://www.zaih.com/
  Education:
    - name: Aveti Learning
      url: https://avetilearning.com/
      contributors: ["@TheShubhendra"]
    - name: Brilliant.org
      url: https://brilliant.org/
    - name: Cirrus Assessment
      url: https://cirrusassessment.com/
      logo: cirrus.svg
      contributors: ["@jeroenhabets", "@ddmm-white", "@paulrocost"]
    - name: Open edX
      url: https://openedx.org/
    - name: Platzi.com
      url: https://platzi.com/
    - name: Sunbird
      url: https://www.sunbird.org/
      contributors: ["@eksteporg"]
    - name: The GRAPH Network
      url: https://thegraphnetwork.org/
      contributors: ["@fccoelho"]
    - name: Udemy
      url: https://www.udemy.com/
      contributors: ["@sungjuly"]
    - name: VIPKID
      url: https://www.vipkid.com.cn/
      contributors: ["@illpanda"]
    - name: WikiMedia Foundation
      url: https://wikimediafoundation.org
      contributors: ["@vg"]
  Energy:
    - name: Airboxlab
      url: https://foobot.io
      contributors: ["@antoine-galataud"]
    - name: DouroECI
      url: https://www.douroeci.com/
      contributors: ["@nunohelibeires"]
    - name: Safaricom
      url: https://www.safaricom.co.ke/
      contributors: ["@mmutiso"]
    - name: Scoot
      url: https://scoot.co/
      contributors: ["@haaspt"]
    - name: Wattbewerb
      url: https://wattbewerb.de/
      contributors: ["@wattbewerb"]
    - name: Rogow
      url: https://rogow.com.br/
      contributors: ["@nilmonto"]
  Healthcare:
    - name: Amino
      url: https://amino.com
      contributors: ["@shkr"]
    - name: Bluesquare
      url: https://www.bluesquarehub.com/
      contributors: ["@madewulf"]
    - name: Care
      url: https://www.getcare.io/
      contributors: ["@alandao2021"]
    - name: Living Goods
      url: https://www.livinggoods.org
      contributors: ["@chelule"]
    - name: Maieutical Labs
      url: https://maieuticallabs.it
      contributors: ["@xrmx"]
    - name: Medic
      url: https://medic.org
      contributors: ["@1yuv"]
    - name: REDCap Cloud
      url: https://www.redcapcloud.com/
    - name: TrustMedis
      url: https://trustmedis.com/
      contributors: ["@famasya"]
    - name: WeSure
      url: https://www.wesure.cn/
    - name: 2070Health
      url: https://2070health.com/
  HR / Staffing:
    - name: Swile
      url: https://www.swile.co/
      contributors: ["@PaoloTerzi"]
    - name: Symmetrics
      url: https://www.symmetrics.fyi
    - name: bluquist
      url: https://bluquist.com/
  Government:
    - name: City of Ann Arbor, MI
      url: https://www.a2gov.org/
      contributors: ["@sfirke"]
    - name: RIS3 Strategy of CZ, MIT CR
      url: https://www.ris3.cz/
      contributors: ["@RIS3CZ"]
    - name: NRLM - Sarathi, India
      url: https://pib.gov.in/PressReleasePage.aspx?PRID=1999586
  Mobile Software:
    - name: VLMedia
      url: https://www.vlmedia.com.tr
      logo: vlmedia.svg
      contributors: ["@iercan"]
  Travel:
    - name: Agoda
      url: https://www.agoda.com/
      contributors: ["@lostseaway", "@maiake", "@obombayo"]
    - name: HomeToGo
      url: https://hometogo.com/
      contributors: ["@pedromartinsteenstrup"]
    - name: Skyscanner
      url: https://www.skyscanner.net/
      contributors: ["@cleslie", "@stanhoucke"]
  Logistics:
    - name: Stockarea
      url: https://stockarea.io
    - name: VTG
      url: https://www.vtg.de
  Sports:
    - name: Club 25 de Agosto (Femenino / Women's Team)
      url: https://www.instagram.com/25deagosto.basketfemenino/
      contributors: [ "@lion90" ]
      logo: club25deagosto.svg
    - name: Fanatics
      url: https://www.fanatics.com/
      contributors: [ "@coderfender" ]
    - name: komoot
      url: https://www.komoot.com/
      contributors: [ "@christophlingg" ]
  Others:
    - name: 10Web
      url: https://10web.io/
    - name: AI inside
      url: https://inside.ai/en/
    - name: Automattic
      url: https://automattic.com/
      contributors: ["@Khrol", "@Usiel"]
    - name: Dropbox
      url: https://www.dropbox.com/
      contributors: ["@bkyryliuk"]
    - name: Flowbird
      url: https://flowbird.com
      contributors: ["@EmmanuelCbd"]
    - name: GEOTAB
      url: https://www.geotab.com
      contributors: ["@JZ6"]
    - name: Grassroot
      url: https://www.grassrootinstitute.org/
    - name: HOLLYLAND猛玛
      url: https://www.hollyland.com
      logo: hollyland猛玛.svg
      contributors: ["@hlyda0601"]
    - name: Increff
      url: https://www.increff.com/
      contributors: ["@ishansinghania"]
    - name: Let's Roam
      url: https://www.letsroam.com/
    - name: Machrent SA
      url: https://www.machrent.com/
    - name: Onebeat
      url: https://1beat.com/
      contributors: ["@GuyAttia"]
    - name: X
      url: https://x.com/
    - name: Yahoo!
      url: https://yahoo.com/
--- a/Show More
+++ b/Show More